Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* |
3 | * NET4: Implementation of BSD Unix domain sockets. | |
4 | * | |
113aa838 | 5 | * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk> |
1da177e4 | 6 | * |
1da177e4 LT |
7 | * Fixes: |
8 | * Linus Torvalds : Assorted bug cures. | |
9 | * Niibe Yutaka : async I/O support. | |
10 | * Carsten Paeth : PF_UNIX check, address fixes. | |
11 | * Alan Cox : Limit size of allocated blocks. | |
12 | * Alan Cox : Fixed the stupid socketpair bug. | |
13 | * Alan Cox : BSD compatibility fine tuning. | |
14 | * Alan Cox : Fixed a bug in connect when interrupted. | |
15 | * Alan Cox : Sorted out a proper draft version of | |
16 | * file descriptor passing hacked up from | |
17 | * Mike Shaver's work. | |
18 | * Marty Leisner : Fixes to fd passing | |
19 | * Nick Nevin : recvmsg bugfix. | |
20 | * Alan Cox : Started proper garbage collector | |
21 | * Heiko EiBfeldt : Missing verify_area check | |
22 | * Alan Cox : Started POSIXisms | |
23 | * Andreas Schwab : Replace inode by dentry for proper | |
24 | * reference counting | |
25 | * Kirk Petersen : Made this a module | |
26 | * Christoph Rohland : Elegant non-blocking accept/connect algorithm. | |
27 | * Lots of bug fixes. | |
28 | * Alexey Kuznetosv : Repaired (I hope) bugs introduces | |
29 | * by above two patches. | |
30 | * Andrea Arcangeli : If possible we block in connect(2) | |
31 | * if the max backlog of the listen socket | |
32 | * is been reached. This won't break | |
33 | * old apps and it will avoid huge amount | |
34 | * of socks hashed (this for unix_gc() | |
35 | * performances reasons). | |
36 | * Security fix that limits the max | |
37 | * number of socks to 2*max_files and | |
38 | * the number of skb queueable in the | |
39 | * dgram receiver. | |
40 | * Artur Skawina : Hash function optimizations | |
41 | * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8) | |
42 | * Malcolm Beattie : Set peercred for socketpair | |
43 | * Michal Ostrowski : Module initialization cleanup. | |
44 | * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT, | |
45 | * the core infrastructure is doing that | |
46 | * for all net proto families now (2.5.69+) | |
47 | * | |
1da177e4 LT |
48 | * Known differences from reference BSD that was tested: |
49 | * | |
50 | * [TO FIX] | |
51 | * ECONNREFUSED is not returned from one end of a connected() socket to the | |
52 | * other the moment one end closes. | |
53 | * fstat() doesn't return st_dev=0, and give the blksize as high water mark | |
54 | * and a fake inode identifier (nor the BSD first socket fstat twice bug). | |
55 | * [NOT TO FIX] | |
56 | * accept() returns a path name even if the connecting socket has closed | |
57 | * in the meantime (BSD loses the path and gives up). | |
58 | * accept() returns 0 length path for an unbound connector. BSD returns 16 | |
59 | * and a null first byte in the path (but not for gethost/peername - BSD bug ??) | |
60 | * socketpair(...SOCK_RAW..) doesn't panic the kernel. | |
61 | * BSD af_unix apparently has connect forgetting to block properly. | |
62 | * (need to check this with the POSIX spec in detail) | |
63 | * | |
64 | * Differences from 2.0.0-11-... (ANK) | |
65 | * Bug fixes and improvements. | |
66 | * - client shutdown killed server socket. | |
67 | * - removed all useless cli/sti pairs. | |
68 | * | |
69 | * Semantic changes/extensions. | |
70 | * - generic control message passing. | |
71 | * - SCM_CREDENTIALS control message. | |
72 | * - "Abstract" (not FS based) socket bindings. | |
73 | * Abstract names are sequences of bytes (not zero terminated) | |
74 | * started by 0, so that this name space does not intersect | |
75 | * with BSD names. | |
76 | */ | |
77 | ||
5cc208be | 78 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
79 | ||
1da177e4 | 80 | #include <linux/module.h> |
1da177e4 | 81 | #include <linux/kernel.h> |
1da177e4 | 82 | #include <linux/signal.h> |
3f07c014 | 83 | #include <linux/sched/signal.h> |
1da177e4 LT |
84 | #include <linux/errno.h> |
85 | #include <linux/string.h> | |
86 | #include <linux/stat.h> | |
87 | #include <linux/dcache.h> | |
88 | #include <linux/namei.h> | |
89 | #include <linux/socket.h> | |
90 | #include <linux/un.h> | |
91 | #include <linux/fcntl.h> | |
92 | #include <linux/termios.h> | |
93 | #include <linux/sockios.h> | |
94 | #include <linux/net.h> | |
95 | #include <linux/in.h> | |
96 | #include <linux/fs.h> | |
97 | #include <linux/slab.h> | |
7c0f6ba6 | 98 | #include <linux/uaccess.h> |
1da177e4 LT |
99 | #include <linux/skbuff.h> |
100 | #include <linux/netdevice.h> | |
457c4cbc | 101 | #include <net/net_namespace.h> |
1da177e4 | 102 | #include <net/sock.h> |
c752f073 | 103 | #include <net/tcp_states.h> |
1da177e4 LT |
104 | #include <net/af_unix.h> |
105 | #include <linux/proc_fs.h> | |
106 | #include <linux/seq_file.h> | |
107 | #include <net/scm.h> | |
108 | #include <linux/init.h> | |
109 | #include <linux/poll.h> | |
1da177e4 LT |
110 | #include <linux/rtnetlink.h> |
111 | #include <linux/mount.h> | |
112 | #include <net/checksum.h> | |
113 | #include <linux/security.h> | |
2b15af6f | 114 | #include <linux/freezer.h> |
ba94f308 | 115 | #include <linux/file.h> |
2c860a43 | 116 | #include <linux/btf_ids.h> |
1da177e4 | 117 | |
f4e65870 JA |
118 | #include "scm.h" |
119 | ||
7123aaa3 | 120 | struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE]; |
fa7ff56f PE |
121 | EXPORT_SYMBOL_GPL(unix_socket_table); |
122 | DEFINE_SPINLOCK(unix_table_lock); | |
123 | EXPORT_SYMBOL_GPL(unix_table_lock); | |
518de9b3 | 124 | static atomic_long_t unix_nr_socks; |
1da177e4 | 125 | |
1da177e4 | 126 | |
7123aaa3 ED |
127 | static struct hlist_head *unix_sockets_unbound(void *addr) |
128 | { | |
129 | unsigned long hash = (unsigned long)addr; | |
130 | ||
131 | hash ^= hash >> 16; | |
132 | hash ^= hash >> 8; | |
133 | hash %= UNIX_HASH_SIZE; | |
134 | return &unix_socket_table[UNIX_HASH_SIZE + hash]; | |
135 | } | |
136 | ||
137 | #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE) | |
1da177e4 | 138 | |
877ce7c1 | 139 | #ifdef CONFIG_SECURITY_NETWORK |
dc49c1f9 | 140 | static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb) |
877ce7c1 | 141 | { |
37a9a8df | 142 | UNIXCB(skb).secid = scm->secid; |
877ce7c1 CZ |
143 | } |
144 | ||
145 | static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) | |
146 | { | |
37a9a8df SS |
147 | scm->secid = UNIXCB(skb).secid; |
148 | } | |
149 | ||
150 | static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb) | |
151 | { | |
152 | return (scm->secid == UNIXCB(skb).secid); | |
877ce7c1 CZ |
153 | } |
154 | #else | |
dc49c1f9 | 155 | static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb) |
877ce7c1 CZ |
156 | { } |
157 | ||
158 | static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) | |
159 | { } | |
37a9a8df SS |
160 | |
161 | static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb) | |
162 | { | |
163 | return true; | |
164 | } | |
877ce7c1 CZ |
165 | #endif /* CONFIG_SECURITY_NETWORK */ |
166 | ||
1da177e4 LT |
167 | /* |
168 | * SMP locking strategy: | |
fbe9cc4a | 169 | * hash table is protected with spinlock unix_table_lock |
663717f6 | 170 | * each socket state is protected by separate spin lock. |
1da177e4 LT |
171 | */ |
172 | ||
95c96174 | 173 | static inline unsigned int unix_hash_fold(__wsum n) |
1da177e4 | 174 | { |
0a13404d | 175 | unsigned int hash = (__force unsigned int)csum_fold(n); |
95c96174 | 176 | |
1da177e4 LT |
177 | hash ^= hash>>8; |
178 | return hash&(UNIX_HASH_SIZE-1); | |
179 | } | |
180 | ||
181 | #define unix_peer(sk) (unix_sk(sk)->peer) | |
182 | ||
183 | static inline int unix_our_peer(struct sock *sk, struct sock *osk) | |
184 | { | |
185 | return unix_peer(osk) == sk; | |
186 | } | |
187 | ||
188 | static inline int unix_may_send(struct sock *sk, struct sock *osk) | |
189 | { | |
6eba6a37 | 190 | return unix_peer(osk) == NULL || unix_our_peer(sk, osk); |
1da177e4 LT |
191 | } |
192 | ||
86b18aaa | 193 | static inline int unix_recvq_full(const struct sock *sk) |
3c73419c RW |
194 | { |
195 | return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog; | |
196 | } | |
197 | ||
86b18aaa QC |
198 | static inline int unix_recvq_full_lockless(const struct sock *sk) |
199 | { | |
200 | return skb_queue_len_lockless(&sk->sk_receive_queue) > | |
201 | READ_ONCE(sk->sk_max_ack_backlog); | |
202 | } | |
203 | ||
fa7ff56f | 204 | struct sock *unix_peer_get(struct sock *s) |
1da177e4 LT |
205 | { |
206 | struct sock *peer; | |
207 | ||
1c92b4e5 | 208 | unix_state_lock(s); |
1da177e4 LT |
209 | peer = unix_peer(s); |
210 | if (peer) | |
211 | sock_hold(peer); | |
1c92b4e5 | 212 | unix_state_unlock(s); |
1da177e4 LT |
213 | return peer; |
214 | } | |
fa7ff56f | 215 | EXPORT_SYMBOL_GPL(unix_peer_get); |
1da177e4 LT |
216 | |
217 | static inline void unix_release_addr(struct unix_address *addr) | |
218 | { | |
8c9814b9 | 219 | if (refcount_dec_and_test(&addr->refcnt)) |
1da177e4 LT |
220 | kfree(addr); |
221 | } | |
222 | ||
223 | /* | |
224 | * Check unix socket name: | |
225 | * - should be not zero length. | |
226 | * - if started by not zero, should be NULL terminated (FS object) | |
227 | * - if started by zero, it is abstract name. | |
228 | */ | |
ac7bfa62 | 229 | |
b8a58aa6 KI |
230 | static int unix_validate_addr(struct sockaddr_un *sunaddr, int addr_len) |
231 | { | |
232 | if (addr_len <= offsetof(struct sockaddr_un, sun_path) || | |
233 | addr_len > sizeof(*sunaddr)) | |
234 | return -EINVAL; | |
235 | ||
236 | if (sunaddr->sun_family != AF_UNIX) | |
237 | return -EINVAL; | |
238 | ||
239 | return 0; | |
240 | } | |
241 | ||
d2d8c9fd KI |
242 | static void unix_mkname_bsd(struct sockaddr_un *sunaddr, int addr_len) |
243 | { | |
244 | /* This may look like an off by one error but it is a bit more | |
245 | * subtle. 108 is the longest valid AF_UNIX path for a binding. | |
246 | * sun_path[108] doesn't as such exist. However in kernel space | |
247 | * we are guaranteed that it is a valid memory location in our | |
248 | * kernel address buffer because syscall functions always pass | |
249 | * a pointer of struct sockaddr_storage which has a bigger buffer | |
250 | * than 108. | |
251 | */ | |
252 | ((char *)sunaddr)[addr_len] = 0; | |
253 | } | |
254 | ||
1da177e4 LT |
255 | static void __unix_remove_socket(struct sock *sk) |
256 | { | |
257 | sk_del_node_init(sk); | |
258 | } | |
259 | ||
260 | static void __unix_insert_socket(struct hlist_head *list, struct sock *sk) | |
261 | { | |
547b792c | 262 | WARN_ON(!sk_unhashed(sk)); |
1da177e4 LT |
263 | sk_add_node(sk, list); |
264 | } | |
265 | ||
185ab886 AV |
266 | static void __unix_set_addr(struct sock *sk, struct unix_address *addr, |
267 | unsigned hash) | |
268 | { | |
269 | __unix_remove_socket(sk); | |
270 | smp_store_release(&unix_sk(sk)->addr, addr); | |
271 | __unix_insert_socket(&unix_socket_table[hash], sk); | |
272 | } | |
273 | ||
1da177e4 LT |
274 | static inline void unix_remove_socket(struct sock *sk) |
275 | { | |
fbe9cc4a | 276 | spin_lock(&unix_table_lock); |
1da177e4 | 277 | __unix_remove_socket(sk); |
fbe9cc4a | 278 | spin_unlock(&unix_table_lock); |
1da177e4 LT |
279 | } |
280 | ||
281 | static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk) | |
282 | { | |
fbe9cc4a | 283 | spin_lock(&unix_table_lock); |
1da177e4 | 284 | __unix_insert_socket(list, sk); |
fbe9cc4a | 285 | spin_unlock(&unix_table_lock); |
1da177e4 LT |
286 | } |
287 | ||
097e66c5 DL |
288 | static struct sock *__unix_find_socket_byname(struct net *net, |
289 | struct sockaddr_un *sunname, | |
be752283 | 290 | int len, unsigned int hash) |
1da177e4 LT |
291 | { |
292 | struct sock *s; | |
1da177e4 | 293 | |
be752283 | 294 | sk_for_each(s, &unix_socket_table[hash]) { |
1da177e4 LT |
295 | struct unix_sock *u = unix_sk(s); |
296 | ||
878628fb | 297 | if (!net_eq(sock_net(s), net)) |
097e66c5 DL |
298 | continue; |
299 | ||
1da177e4 LT |
300 | if (u->addr->len == len && |
301 | !memcmp(u->addr->name, sunname, len)) | |
262ce0af | 302 | return s; |
1da177e4 | 303 | } |
262ce0af | 304 | return NULL; |
1da177e4 LT |
305 | } |
306 | ||
097e66c5 DL |
307 | static inline struct sock *unix_find_socket_byname(struct net *net, |
308 | struct sockaddr_un *sunname, | |
be752283 | 309 | int len, unsigned int hash) |
1da177e4 LT |
310 | { |
311 | struct sock *s; | |
312 | ||
fbe9cc4a | 313 | spin_lock(&unix_table_lock); |
be752283 | 314 | s = __unix_find_socket_byname(net, sunname, len, hash); |
1da177e4 LT |
315 | if (s) |
316 | sock_hold(s); | |
fbe9cc4a | 317 | spin_unlock(&unix_table_lock); |
1da177e4 LT |
318 | return s; |
319 | } | |
320 | ||
6616f788 | 321 | static struct sock *unix_find_socket_byinode(struct inode *i) |
1da177e4 LT |
322 | { |
323 | struct sock *s; | |
1da177e4 | 324 | |
fbe9cc4a | 325 | spin_lock(&unix_table_lock); |
b67bfe0d | 326 | sk_for_each(s, |
1da177e4 | 327 | &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) { |
40ffe67d | 328 | struct dentry *dentry = unix_sk(s)->path.dentry; |
1da177e4 | 329 | |
beef5121 | 330 | if (dentry && d_backing_inode(dentry) == i) { |
1da177e4 LT |
331 | sock_hold(s); |
332 | goto found; | |
333 | } | |
334 | } | |
335 | s = NULL; | |
336 | found: | |
fbe9cc4a | 337 | spin_unlock(&unix_table_lock); |
1da177e4 LT |
338 | return s; |
339 | } | |
340 | ||
7d267278 RW |
341 | /* Support code for asymmetrically connected dgram sockets |
342 | * | |
343 | * If a datagram socket is connected to a socket not itself connected | |
344 | * to the first socket (eg, /dev/log), clients may only enqueue more | |
345 | * messages if the present receive queue of the server socket is not | |
346 | * "too large". This means there's a second writeability condition | |
347 | * poll and sendmsg need to test. The dgram recv code will do a wake | |
348 | * up on the peer_wait wait queue of a socket upon reception of a | |
349 | * datagram which needs to be propagated to sleeping would-be writers | |
350 | * since these might not have sent anything so far. This can't be | |
351 | * accomplished via poll_wait because the lifetime of the server | |
352 | * socket might be less than that of its clients if these break their | |
353 | * association with it or if the server socket is closed while clients | |
354 | * are still connected to it and there's no way to inform "a polling | |
355 | * implementation" that it should let go of a certain wait queue | |
356 | * | |
ac6424b9 | 357 | * In order to propagate a wake up, a wait_queue_entry_t of the client |
7d267278 RW |
358 | * socket is enqueued on the peer_wait queue of the server socket |
359 | * whose wake function does a wake_up on the ordinary client socket | |
360 | * wait queue. This connection is established whenever a write (or | |
361 | * poll for write) hit the flow control condition and broken when the | |
362 | * association to the server socket is dissolved or after a wake up | |
363 | * was relayed. | |
364 | */ | |
365 | ||
ac6424b9 | 366 | static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags, |
7d267278 RW |
367 | void *key) |
368 | { | |
369 | struct unix_sock *u; | |
370 | wait_queue_head_t *u_sleep; | |
371 | ||
372 | u = container_of(q, struct unix_sock, peer_wake); | |
373 | ||
374 | __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait, | |
375 | q); | |
376 | u->peer_wake.private = NULL; | |
377 | ||
378 | /* relaying can only happen while the wq still exists */ | |
379 | u_sleep = sk_sleep(&u->sk); | |
380 | if (u_sleep) | |
3ad6f93e | 381 | wake_up_interruptible_poll(u_sleep, key_to_poll(key)); |
7d267278 RW |
382 | |
383 | return 0; | |
384 | } | |
385 | ||
386 | static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other) | |
387 | { | |
388 | struct unix_sock *u, *u_other; | |
389 | int rc; | |
390 | ||
391 | u = unix_sk(sk); | |
392 | u_other = unix_sk(other); | |
393 | rc = 0; | |
394 | spin_lock(&u_other->peer_wait.lock); | |
395 | ||
396 | if (!u->peer_wake.private) { | |
397 | u->peer_wake.private = other; | |
398 | __add_wait_queue(&u_other->peer_wait, &u->peer_wake); | |
399 | ||
400 | rc = 1; | |
401 | } | |
402 | ||
403 | spin_unlock(&u_other->peer_wait.lock); | |
404 | return rc; | |
405 | } | |
406 | ||
407 | static void unix_dgram_peer_wake_disconnect(struct sock *sk, | |
408 | struct sock *other) | |
409 | { | |
410 | struct unix_sock *u, *u_other; | |
411 | ||
412 | u = unix_sk(sk); | |
413 | u_other = unix_sk(other); | |
414 | spin_lock(&u_other->peer_wait.lock); | |
415 | ||
416 | if (u->peer_wake.private == other) { | |
417 | __remove_wait_queue(&u_other->peer_wait, &u->peer_wake); | |
418 | u->peer_wake.private = NULL; | |
419 | } | |
420 | ||
421 | spin_unlock(&u_other->peer_wait.lock); | |
422 | } | |
423 | ||
424 | static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk, | |
425 | struct sock *other) | |
426 | { | |
427 | unix_dgram_peer_wake_disconnect(sk, other); | |
428 | wake_up_interruptible_poll(sk_sleep(sk), | |
a9a08845 LT |
429 | EPOLLOUT | |
430 | EPOLLWRNORM | | |
431 | EPOLLWRBAND); | |
7d267278 RW |
432 | } |
433 | ||
434 | /* preconditions: | |
435 | * - unix_peer(sk) == other | |
436 | * - association is stable | |
437 | */ | |
438 | static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other) | |
439 | { | |
440 | int connected; | |
441 | ||
442 | connected = unix_dgram_peer_wake_connect(sk, other); | |
443 | ||
51f7e951 JB |
444 | /* If other is SOCK_DEAD, we want to make sure we signal |
445 | * POLLOUT, such that a subsequent write() can get a | |
446 | * -ECONNREFUSED. Otherwise, if we haven't queued any skbs | |
447 | * to other and its full, we will hang waiting for POLLOUT. | |
448 | */ | |
449 | if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD)) | |
7d267278 RW |
450 | return 1; |
451 | ||
452 | if (connected) | |
453 | unix_dgram_peer_wake_disconnect(sk, other); | |
454 | ||
455 | return 0; | |
456 | } | |
457 | ||
1586a587 | 458 | static int unix_writable(const struct sock *sk) |
1da177e4 | 459 | { |
1586a587 | 460 | return sk->sk_state != TCP_LISTEN && |
14afee4b | 461 | (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf; |
1da177e4 LT |
462 | } |
463 | ||
464 | static void unix_write_space(struct sock *sk) | |
465 | { | |
43815482 ED |
466 | struct socket_wq *wq; |
467 | ||
468 | rcu_read_lock(); | |
1da177e4 | 469 | if (unix_writable(sk)) { |
43815482 | 470 | wq = rcu_dereference(sk->sk_wq); |
1ce0bf50 | 471 | if (skwq_has_sleeper(wq)) |
67426b75 | 472 | wake_up_interruptible_sync_poll(&wq->wait, |
a9a08845 | 473 | EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND); |
8d8ad9d7 | 474 | sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); |
1da177e4 | 475 | } |
43815482 | 476 | rcu_read_unlock(); |
1da177e4 LT |
477 | } |
478 | ||
479 | /* When dgram socket disconnects (or changes its peer), we clear its receive | |
480 | * queue of packets arrived from previous peer. First, it allows to do | |
481 | * flow control based only on wmem_alloc; second, sk connected to peer | |
482 | * may receive messages only from that peer. */ | |
483 | static void unix_dgram_disconnected(struct sock *sk, struct sock *other) | |
484 | { | |
b03efcfb | 485 | if (!skb_queue_empty(&sk->sk_receive_queue)) { |
1da177e4 LT |
486 | skb_queue_purge(&sk->sk_receive_queue); |
487 | wake_up_interruptible_all(&unix_sk(sk)->peer_wait); | |
488 | ||
489 | /* If one link of bidirectional dgram pipe is disconnected, | |
490 | * we signal error. Messages are lost. Do not make this, | |
491 | * when peer was not connected to us. | |
492 | */ | |
493 | if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) { | |
494 | other->sk_err = ECONNRESET; | |
e3ae2365 | 495 | sk_error_report(other); |
1da177e4 LT |
496 | } |
497 | } | |
dc56ad70 | 498 | other->sk_state = TCP_CLOSE; |
1da177e4 LT |
499 | } |
500 | ||
501 | static void unix_sock_destructor(struct sock *sk) | |
502 | { | |
503 | struct unix_sock *u = unix_sk(sk); | |
504 | ||
505 | skb_queue_purge(&sk->sk_receive_queue); | |
506 | ||
314001f0 RS |
507 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
508 | if (u->oob_skb) { | |
509 | kfree_skb(u->oob_skb); | |
510 | u->oob_skb = NULL; | |
511 | } | |
512 | #endif | |
14afee4b | 513 | WARN_ON(refcount_read(&sk->sk_wmem_alloc)); |
547b792c IJ |
514 | WARN_ON(!sk_unhashed(sk)); |
515 | WARN_ON(sk->sk_socket); | |
1da177e4 | 516 | if (!sock_flag(sk, SOCK_DEAD)) { |
5cc208be | 517 | pr_info("Attempt to release alive unix socket: %p\n", sk); |
1da177e4 LT |
518 | return; |
519 | } | |
520 | ||
521 | if (u->addr) | |
522 | unix_release_addr(u->addr); | |
523 | ||
518de9b3 | 524 | atomic_long_dec(&unix_nr_socks); |
a8076d8d | 525 | sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); |
1da177e4 | 526 | #ifdef UNIX_REFCNT_DEBUG |
5cc208be | 527 | pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk, |
518de9b3 | 528 | atomic_long_read(&unix_nr_socks)); |
1da177e4 LT |
529 | #endif |
530 | } | |
531 | ||
ded34e0f | 532 | static void unix_release_sock(struct sock *sk, int embrion) |
1da177e4 LT |
533 | { |
534 | struct unix_sock *u = unix_sk(sk); | |
40ffe67d | 535 | struct path path; |
1da177e4 LT |
536 | struct sock *skpair; |
537 | struct sk_buff *skb; | |
538 | int state; | |
539 | ||
540 | unix_remove_socket(sk); | |
541 | ||
542 | /* Clear state */ | |
1c92b4e5 | 543 | unix_state_lock(sk); |
1da177e4 LT |
544 | sock_orphan(sk); |
545 | sk->sk_shutdown = SHUTDOWN_MASK; | |
40ffe67d AV |
546 | path = u->path; |
547 | u->path.dentry = NULL; | |
548 | u->path.mnt = NULL; | |
1da177e4 LT |
549 | state = sk->sk_state; |
550 | sk->sk_state = TCP_CLOSE; | |
a494bd64 ED |
551 | |
552 | skpair = unix_peer(sk); | |
553 | unix_peer(sk) = NULL; | |
554 | ||
1c92b4e5 | 555 | unix_state_unlock(sk); |
1da177e4 LT |
556 | |
557 | wake_up_interruptible_all(&u->peer_wait); | |
558 | ||
e27dfcea | 559 | if (skpair != NULL) { |
1da177e4 | 560 | if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) { |
1c92b4e5 | 561 | unix_state_lock(skpair); |
1da177e4 LT |
562 | /* No more writes */ |
563 | skpair->sk_shutdown = SHUTDOWN_MASK; | |
564 | if (!skb_queue_empty(&sk->sk_receive_queue) || embrion) | |
565 | skpair->sk_err = ECONNRESET; | |
1c92b4e5 | 566 | unix_state_unlock(skpair); |
1da177e4 | 567 | skpair->sk_state_change(skpair); |
8d8ad9d7 | 568 | sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP); |
1da177e4 | 569 | } |
7d267278 RW |
570 | |
571 | unix_dgram_peer_wake_disconnect(sk, skpair); | |
1da177e4 | 572 | sock_put(skpair); /* It may now die */ |
1da177e4 LT |
573 | } |
574 | ||
575 | /* Try to flush out this socket. Throw out buffers at least */ | |
576 | ||
577 | while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { | |
e27dfcea | 578 | if (state == TCP_LISTEN) |
1da177e4 LT |
579 | unix_release_sock(skb->sk, 1); |
580 | /* passed fds are erased in the kfree_skb hook */ | |
73ed5d25 | 581 | UNIXCB(skb).consumed = skb->len; |
1da177e4 LT |
582 | kfree_skb(skb); |
583 | } | |
584 | ||
40ffe67d AV |
585 | if (path.dentry) |
586 | path_put(&path); | |
1da177e4 LT |
587 | |
588 | sock_put(sk); | |
589 | ||
590 | /* ---- Socket is dead now and most probably destroyed ---- */ | |
591 | ||
592 | /* | |
e04dae84 | 593 | * Fixme: BSD difference: In BSD all sockets connected to us get |
1da177e4 LT |
594 | * ECONNRESET and we die on the spot. In Linux we behave |
595 | * like files and pipes do and wait for the last | |
596 | * dereference. | |
597 | * | |
598 | * Can't we simply set sock->err? | |
599 | * | |
600 | * What the above comment does talk about? --ANK(980817) | |
601 | */ | |
602 | ||
9305cfa4 | 603 | if (unix_tot_inflight) |
ac7bfa62 | 604 | unix_gc(); /* Garbage collect fds */ |
1da177e4 LT |
605 | } |
606 | ||
109f6e39 EB |
607 | static void init_peercred(struct sock *sk) |
608 | { | |
35306eb2 ED |
609 | const struct cred *old_cred; |
610 | struct pid *old_pid; | |
611 | ||
612 | spin_lock(&sk->sk_peer_lock); | |
613 | old_pid = sk->sk_peer_pid; | |
614 | old_cred = sk->sk_peer_cred; | |
109f6e39 EB |
615 | sk->sk_peer_pid = get_pid(task_tgid(current)); |
616 | sk->sk_peer_cred = get_current_cred(); | |
35306eb2 ED |
617 | spin_unlock(&sk->sk_peer_lock); |
618 | ||
619 | put_pid(old_pid); | |
620 | put_cred(old_cred); | |
109f6e39 EB |
621 | } |
622 | ||
623 | static void copy_peercred(struct sock *sk, struct sock *peersk) | |
624 | { | |
35306eb2 ED |
625 | const struct cred *old_cred; |
626 | struct pid *old_pid; | |
627 | ||
628 | if (sk < peersk) { | |
629 | spin_lock(&sk->sk_peer_lock); | |
630 | spin_lock_nested(&peersk->sk_peer_lock, SINGLE_DEPTH_NESTING); | |
631 | } else { | |
632 | spin_lock(&peersk->sk_peer_lock); | |
633 | spin_lock_nested(&sk->sk_peer_lock, SINGLE_DEPTH_NESTING); | |
634 | } | |
635 | old_pid = sk->sk_peer_pid; | |
636 | old_cred = sk->sk_peer_cred; | |
109f6e39 EB |
637 | sk->sk_peer_pid = get_pid(peersk->sk_peer_pid); |
638 | sk->sk_peer_cred = get_cred(peersk->sk_peer_cred); | |
35306eb2 ED |
639 | |
640 | spin_unlock(&sk->sk_peer_lock); | |
641 | spin_unlock(&peersk->sk_peer_lock); | |
642 | ||
643 | put_pid(old_pid); | |
644 | put_cred(old_cred); | |
109f6e39 EB |
645 | } |
646 | ||
1da177e4 LT |
647 | static int unix_listen(struct socket *sock, int backlog) |
648 | { | |
649 | int err; | |
650 | struct sock *sk = sock->sk; | |
651 | struct unix_sock *u = unix_sk(sk); | |
652 | ||
653 | err = -EOPNOTSUPP; | |
6eba6a37 ED |
654 | if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) |
655 | goto out; /* Only stream/seqpacket sockets accept */ | |
1da177e4 LT |
656 | err = -EINVAL; |
657 | if (!u->addr) | |
6eba6a37 | 658 | goto out; /* No listens on an unbound socket */ |
1c92b4e5 | 659 | unix_state_lock(sk); |
1da177e4 LT |
660 | if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN) |
661 | goto out_unlock; | |
662 | if (backlog > sk->sk_max_ack_backlog) | |
663 | wake_up_interruptible_all(&u->peer_wait); | |
664 | sk->sk_max_ack_backlog = backlog; | |
665 | sk->sk_state = TCP_LISTEN; | |
666 | /* set credentials so connect can copy them */ | |
109f6e39 | 667 | init_peercred(sk); |
1da177e4 LT |
668 | err = 0; |
669 | ||
670 | out_unlock: | |
1c92b4e5 | 671 | unix_state_unlock(sk); |
1da177e4 LT |
672 | out: |
673 | return err; | |
674 | } | |
675 | ||
676 | static int unix_release(struct socket *); | |
677 | static int unix_bind(struct socket *, struct sockaddr *, int); | |
678 | static int unix_stream_connect(struct socket *, struct sockaddr *, | |
679 | int addr_len, int flags); | |
680 | static int unix_socketpair(struct socket *, struct socket *); | |
cdfbabfb | 681 | static int unix_accept(struct socket *, struct socket *, int, bool); |
9b2c45d4 | 682 | static int unix_getname(struct socket *, struct sockaddr *, int); |
a11e1d43 LT |
683 | static __poll_t unix_poll(struct file *, struct socket *, poll_table *); |
684 | static __poll_t unix_dgram_poll(struct file *, struct socket *, | |
685 | poll_table *); | |
1da177e4 | 686 | static int unix_ioctl(struct socket *, unsigned int, unsigned long); |
5f6beb9e AB |
687 | #ifdef CONFIG_COMPAT |
688 | static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg); | |
689 | #endif | |
1da177e4 | 690 | static int unix_shutdown(struct socket *, int); |
1b784140 YX |
691 | static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t); |
692 | static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int); | |
869e7c62 HFS |
693 | static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset, |
694 | size_t size, int flags); | |
2b514574 HFS |
695 | static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos, |
696 | struct pipe_inode_info *, size_t size, | |
697 | unsigned int flags); | |
1b784140 YX |
698 | static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t); |
699 | static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int); | |
29df44fa CW |
700 | static int unix_read_sock(struct sock *sk, read_descriptor_t *desc, |
701 | sk_read_actor_t recv_actor); | |
77462de1 JW |
702 | static int unix_stream_read_sock(struct sock *sk, read_descriptor_t *desc, |
703 | sk_read_actor_t recv_actor); | |
1da177e4 LT |
704 | static int unix_dgram_connect(struct socket *, struct sockaddr *, |
705 | int, int); | |
1b784140 YX |
706 | static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t); |
707 | static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t, | |
708 | int); | |
1da177e4 | 709 | |
12663bfc | 710 | static int unix_set_peek_off(struct sock *sk, int val) |
f55bb7f9 PE |
711 | { |
712 | struct unix_sock *u = unix_sk(sk); | |
713 | ||
6e1ce3c3 | 714 | if (mutex_lock_interruptible(&u->iolock)) |
12663bfc SL |
715 | return -EINTR; |
716 | ||
f55bb7f9 | 717 | sk->sk_peek_off = val; |
6e1ce3c3 | 718 | mutex_unlock(&u->iolock); |
12663bfc SL |
719 | |
720 | return 0; | |
f55bb7f9 PE |
721 | } |
722 | ||
5c05a164 | 723 | #ifdef CONFIG_PROC_FS |
3c32da19 KT |
724 | static void unix_show_fdinfo(struct seq_file *m, struct socket *sock) |
725 | { | |
726 | struct sock *sk = sock->sk; | |
727 | struct unix_sock *u; | |
728 | ||
729 | if (sk) { | |
730 | u = unix_sk(sock->sk); | |
7782040b PA |
731 | seq_printf(m, "scm_fds: %u\n", |
732 | atomic_read(&u->scm_stat.nr_fds)); | |
3c32da19 KT |
733 | } |
734 | } | |
3a12500e TK |
735 | #else |
736 | #define unix_show_fdinfo NULL | |
737 | #endif | |
f55bb7f9 | 738 | |
90ddc4f0 | 739 | static const struct proto_ops unix_stream_ops = { |
1da177e4 LT |
740 | .family = PF_UNIX, |
741 | .owner = THIS_MODULE, | |
742 | .release = unix_release, | |
743 | .bind = unix_bind, | |
744 | .connect = unix_stream_connect, | |
745 | .socketpair = unix_socketpair, | |
746 | .accept = unix_accept, | |
747 | .getname = unix_getname, | |
a11e1d43 | 748 | .poll = unix_poll, |
1da177e4 | 749 | .ioctl = unix_ioctl, |
5f6beb9e AB |
750 | #ifdef CONFIG_COMPAT |
751 | .compat_ioctl = unix_compat_ioctl, | |
752 | #endif | |
1da177e4 LT |
753 | .listen = unix_listen, |
754 | .shutdown = unix_shutdown, | |
1da177e4 LT |
755 | .sendmsg = unix_stream_sendmsg, |
756 | .recvmsg = unix_stream_recvmsg, | |
77462de1 | 757 | .read_sock = unix_stream_read_sock, |
1da177e4 | 758 | .mmap = sock_no_mmap, |
869e7c62 | 759 | .sendpage = unix_stream_sendpage, |
2b514574 | 760 | .splice_read = unix_stream_splice_read, |
fc0d7536 | 761 | .set_peek_off = unix_set_peek_off, |
3c32da19 | 762 | .show_fdinfo = unix_show_fdinfo, |
1da177e4 LT |
763 | }; |
764 | ||
90ddc4f0 | 765 | static const struct proto_ops unix_dgram_ops = { |
1da177e4 LT |
766 | .family = PF_UNIX, |
767 | .owner = THIS_MODULE, | |
768 | .release = unix_release, | |
769 | .bind = unix_bind, | |
770 | .connect = unix_dgram_connect, | |
771 | .socketpair = unix_socketpair, | |
772 | .accept = sock_no_accept, | |
773 | .getname = unix_getname, | |
a11e1d43 | 774 | .poll = unix_dgram_poll, |
1da177e4 | 775 | .ioctl = unix_ioctl, |
5f6beb9e AB |
776 | #ifdef CONFIG_COMPAT |
777 | .compat_ioctl = unix_compat_ioctl, | |
778 | #endif | |
1da177e4 LT |
779 | .listen = sock_no_listen, |
780 | .shutdown = unix_shutdown, | |
1da177e4 | 781 | .sendmsg = unix_dgram_sendmsg, |
29df44fa | 782 | .read_sock = unix_read_sock, |
1da177e4 LT |
783 | .recvmsg = unix_dgram_recvmsg, |
784 | .mmap = sock_no_mmap, | |
785 | .sendpage = sock_no_sendpage, | |
f55bb7f9 | 786 | .set_peek_off = unix_set_peek_off, |
3c32da19 | 787 | .show_fdinfo = unix_show_fdinfo, |
1da177e4 LT |
788 | }; |
789 | ||
90ddc4f0 | 790 | static const struct proto_ops unix_seqpacket_ops = { |
1da177e4 LT |
791 | .family = PF_UNIX, |
792 | .owner = THIS_MODULE, | |
793 | .release = unix_release, | |
794 | .bind = unix_bind, | |
795 | .connect = unix_stream_connect, | |
796 | .socketpair = unix_socketpair, | |
797 | .accept = unix_accept, | |
798 | .getname = unix_getname, | |
a11e1d43 | 799 | .poll = unix_dgram_poll, |
1da177e4 | 800 | .ioctl = unix_ioctl, |
5f6beb9e AB |
801 | #ifdef CONFIG_COMPAT |
802 | .compat_ioctl = unix_compat_ioctl, | |
803 | #endif | |
1da177e4 LT |
804 | .listen = unix_listen, |
805 | .shutdown = unix_shutdown, | |
1da177e4 | 806 | .sendmsg = unix_seqpacket_sendmsg, |
a05d2ad1 | 807 | .recvmsg = unix_seqpacket_recvmsg, |
1da177e4 LT |
808 | .mmap = sock_no_mmap, |
809 | .sendpage = sock_no_sendpage, | |
f55bb7f9 | 810 | .set_peek_off = unix_set_peek_off, |
3c32da19 | 811 | .show_fdinfo = unix_show_fdinfo, |
1da177e4 LT |
812 | }; |
813 | ||
c7272e15 CW |
814 | static void unix_close(struct sock *sk, long timeout) |
815 | { | |
816 | /* Nothing to do here, unix socket does not need a ->close(). | |
817 | * This is merely for sockmap. | |
818 | */ | |
819 | } | |
820 | ||
94531cfc JW |
821 | static void unix_unhash(struct sock *sk) |
822 | { | |
823 | /* Nothing to do here, unix socket does not need a ->unhash(). | |
824 | * This is merely for sockmap. | |
825 | */ | |
826 | } | |
827 | ||
828 | struct proto unix_dgram_proto = { | |
0edf0824 | 829 | .name = "UNIX", |
248969ae | 830 | .owner = THIS_MODULE, |
248969ae | 831 | .obj_size = sizeof(struct unix_sock), |
c7272e15 | 832 | .close = unix_close, |
c6382918 | 833 | #ifdef CONFIG_BPF_SYSCALL |
94531cfc | 834 | .psock_update_sk_prot = unix_dgram_bpf_update_proto, |
c6382918 | 835 | #endif |
1da177e4 LT |
836 | }; |
837 | ||
94531cfc JW |
838 | struct proto unix_stream_proto = { |
839 | .name = "UNIX-STREAM", | |
248969ae | 840 | .owner = THIS_MODULE, |
248969ae | 841 | .obj_size = sizeof(struct unix_sock), |
c7272e15 | 842 | .close = unix_close, |
94531cfc | 843 | .unhash = unix_unhash, |
c6382918 | 844 | #ifdef CONFIG_BPF_SYSCALL |
94531cfc | 845 | .psock_update_sk_prot = unix_stream_bpf_update_proto, |
c6382918 | 846 | #endif |
1da177e4 LT |
847 | }; |
848 | ||
94531cfc | 849 | static struct sock *unix_create1(struct net *net, struct socket *sock, int kern, int type) |
1da177e4 | 850 | { |
1da177e4 | 851 | struct unix_sock *u; |
f4bd73b5 KI |
852 | struct sock *sk; |
853 | int err; | |
1da177e4 | 854 | |
518de9b3 | 855 | atomic_long_inc(&unix_nr_socks); |
f4bd73b5 KI |
856 | if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) { |
857 | err = -ENFILE; | |
858 | goto err; | |
859 | } | |
1da177e4 | 860 | |
94531cfc JW |
861 | if (type == SOCK_STREAM) |
862 | sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_stream_proto, kern); | |
863 | else /*dgram and seqpacket */ | |
864 | sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_dgram_proto, kern); | |
865 | ||
f4bd73b5 KI |
866 | if (!sk) { |
867 | err = -ENOMEM; | |
868 | goto err; | |
869 | } | |
1da177e4 | 870 | |
6eba6a37 | 871 | sock_init_data(sock, sk); |
1da177e4 | 872 | |
3aa9799e | 873 | sk->sk_allocation = GFP_KERNEL_ACCOUNT; |
1da177e4 | 874 | sk->sk_write_space = unix_write_space; |
a0a53c8b | 875 | sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen; |
1da177e4 LT |
876 | sk->sk_destruct = unix_sock_destructor; |
877 | u = unix_sk(sk); | |
40ffe67d AV |
878 | u->path.dentry = NULL; |
879 | u->path.mnt = NULL; | |
fd19f329 | 880 | spin_lock_init(&u->lock); |
516e0cc5 | 881 | atomic_long_set(&u->inflight, 0); |
1fd05ba5 | 882 | INIT_LIST_HEAD(&u->link); |
6e1ce3c3 LT |
883 | mutex_init(&u->iolock); /* single task reading lock */ |
884 | mutex_init(&u->bindlock); /* single task binding lock */ | |
1da177e4 | 885 | init_waitqueue_head(&u->peer_wait); |
7d267278 | 886 | init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay); |
3c32da19 | 887 | memset(&u->scm_stat, 0, sizeof(struct scm_stat)); |
7123aaa3 | 888 | unix_insert_socket(unix_sockets_unbound(sk), sk); |
f4bd73b5 | 889 | |
f4bd73b5 | 890 | sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); |
f4bd73b5 | 891 | |
1da177e4 | 892 | return sk; |
f4bd73b5 KI |
893 | |
894 | err: | |
895 | atomic_long_dec(&unix_nr_socks); | |
896 | return ERR_PTR(err); | |
1da177e4 LT |
897 | } |
898 | ||
3f378b68 EP |
899 | static int unix_create(struct net *net, struct socket *sock, int protocol, |
900 | int kern) | |
1da177e4 | 901 | { |
f4bd73b5 KI |
902 | struct sock *sk; |
903 | ||
1da177e4 LT |
904 | if (protocol && protocol != PF_UNIX) |
905 | return -EPROTONOSUPPORT; | |
906 | ||
907 | sock->state = SS_UNCONNECTED; | |
908 | ||
909 | switch (sock->type) { | |
910 | case SOCK_STREAM: | |
911 | sock->ops = &unix_stream_ops; | |
912 | break; | |
913 | /* | |
914 | * Believe it or not BSD has AF_UNIX, SOCK_RAW though | |
915 | * nothing uses it. | |
916 | */ | |
917 | case SOCK_RAW: | |
e27dfcea | 918 | sock->type = SOCK_DGRAM; |
df561f66 | 919 | fallthrough; |
1da177e4 LT |
920 | case SOCK_DGRAM: |
921 | sock->ops = &unix_dgram_ops; | |
922 | break; | |
923 | case SOCK_SEQPACKET: | |
924 | sock->ops = &unix_seqpacket_ops; | |
925 | break; | |
926 | default: | |
927 | return -ESOCKTNOSUPPORT; | |
928 | } | |
929 | ||
f4bd73b5 KI |
930 | sk = unix_create1(net, sock, kern, sock->type); |
931 | if (IS_ERR(sk)) | |
932 | return PTR_ERR(sk); | |
933 | ||
934 | return 0; | |
1da177e4 LT |
935 | } |
936 | ||
937 | static int unix_release(struct socket *sock) | |
938 | { | |
939 | struct sock *sk = sock->sk; | |
940 | ||
941 | if (!sk) | |
942 | return 0; | |
943 | ||
c7272e15 | 944 | sk->sk_prot->close(sk, 0); |
ded34e0f | 945 | unix_release_sock(sk, 0); |
1da177e4 LT |
946 | sock->sk = NULL; |
947 | ||
ded34e0f | 948 | return 0; |
1da177e4 LT |
949 | } |
950 | ||
fa39ef0e | 951 | static struct sock *unix_find_bsd(struct net *net, struct sockaddr_un *sunaddr, |
d2d8c9fd | 952 | int addr_len, int type) |
fa39ef0e KI |
953 | { |
954 | struct inode *inode; | |
955 | struct path path; | |
956 | struct sock *sk; | |
957 | int err; | |
958 | ||
d2d8c9fd | 959 | unix_mkname_bsd(sunaddr, addr_len); |
fa39ef0e KI |
960 | err = kern_path(sunaddr->sun_path, LOOKUP_FOLLOW, &path); |
961 | if (err) | |
962 | goto fail; | |
963 | ||
964 | err = path_permission(&path, MAY_WRITE); | |
965 | if (err) | |
966 | goto path_put; | |
967 | ||
968 | err = -ECONNREFUSED; | |
969 | inode = d_backing_inode(path.dentry); | |
970 | if (!S_ISSOCK(inode->i_mode)) | |
971 | goto path_put; | |
972 | ||
973 | sk = unix_find_socket_byinode(inode); | |
974 | if (!sk) | |
975 | goto path_put; | |
976 | ||
977 | err = -EPROTOTYPE; | |
978 | if (sk->sk_type == type) | |
979 | touch_atime(&path); | |
980 | else | |
981 | goto sock_put; | |
982 | ||
983 | path_put(&path); | |
984 | ||
985 | return sk; | |
986 | ||
987 | sock_put: | |
988 | sock_put(sk); | |
989 | path_put: | |
990 | path_put(&path); | |
991 | fail: | |
aed26f55 | 992 | return ERR_PTR(err); |
fa39ef0e KI |
993 | } |
994 | ||
995 | static struct sock *unix_find_abstract(struct net *net, | |
996 | struct sockaddr_un *sunaddr, | |
d2d8c9fd | 997 | int addr_len, int type) |
fa39ef0e | 998 | { |
d2d8c9fd | 999 | unsigned int hash = unix_hash_fold(csum_partial(sunaddr, addr_len, 0)); |
fa39ef0e KI |
1000 | struct dentry *dentry; |
1001 | struct sock *sk; | |
1002 | ||
1003 | sk = unix_find_socket_byname(net, sunaddr, addr_len, type ^ hash); | |
aed26f55 KI |
1004 | if (!sk) |
1005 | return ERR_PTR(-ECONNREFUSED); | |
fa39ef0e KI |
1006 | |
1007 | dentry = unix_sk(sk)->path.dentry; | |
1008 | if (dentry) | |
1009 | touch_atime(&unix_sk(sk)->path); | |
1010 | ||
1011 | return sk; | |
1012 | } | |
1013 | ||
1014 | static struct sock *unix_find_other(struct net *net, | |
1015 | struct sockaddr_un *sunaddr, | |
d2d8c9fd | 1016 | int addr_len, int type) |
fa39ef0e KI |
1017 | { |
1018 | struct sock *sk; | |
1019 | ||
1020 | if (sunaddr->sun_path[0]) | |
d2d8c9fd | 1021 | sk = unix_find_bsd(net, sunaddr, addr_len, type); |
fa39ef0e | 1022 | else |
d2d8c9fd | 1023 | sk = unix_find_abstract(net, sunaddr, addr_len, type); |
fa39ef0e KI |
1024 | |
1025 | return sk; | |
1026 | } | |
1027 | ||
f7ed31f4 | 1028 | static int unix_autobind(struct sock *sk) |
1da177e4 | 1029 | { |
1da177e4 | 1030 | struct unix_sock *u = unix_sk(sk); |
6eba6a37 | 1031 | struct unix_address *addr; |
8df73ff9 | 1032 | unsigned int retries = 0; |
f7ed31f4 KI |
1033 | static u32 ordernum = 1; |
1034 | int err; | |
1da177e4 | 1035 | |
6e1ce3c3 | 1036 | err = mutex_lock_interruptible(&u->bindlock); |
37ab4fa7 SL |
1037 | if (err) |
1038 | return err; | |
1da177e4 | 1039 | |
1da177e4 LT |
1040 | if (u->addr) |
1041 | goto out; | |
1042 | ||
1043 | err = -ENOMEM; | |
755662ce KI |
1044 | addr = kzalloc(sizeof(*addr) + |
1045 | offsetof(struct sockaddr_un, sun_path) + 16, GFP_KERNEL); | |
1da177e4 LT |
1046 | if (!addr) |
1047 | goto out; | |
1048 | ||
1da177e4 | 1049 | addr->name->sun_family = AF_UNIX; |
8c9814b9 | 1050 | refcount_set(&addr->refcnt, 1); |
1da177e4 LT |
1051 | |
1052 | retry: | |
755662ce KI |
1053 | addr->len = sprintf(addr->name->sun_path + 1, "%05x", ordernum) + |
1054 | offsetof(struct sockaddr_un, sun_path) + 1; | |
07f0757a | 1055 | addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0)); |
be752283 | 1056 | addr->hash ^= sk->sk_type; |
1da177e4 | 1057 | |
fbe9cc4a | 1058 | spin_lock(&unix_table_lock); |
1da177e4 LT |
1059 | ordernum = (ordernum+1)&0xFFFFF; |
1060 | ||
f7ed31f4 KI |
1061 | if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len, |
1062 | addr->hash)) { | |
fbe9cc4a | 1063 | spin_unlock(&unix_table_lock); |
8df73ff9 TH |
1064 | /* |
1065 | * __unix_find_socket_byname() may take long time if many names | |
1066 | * are already in use. | |
1067 | */ | |
1068 | cond_resched(); | |
1069 | /* Give up if all names seems to be in use. */ | |
1070 | if (retries++ == 0xFFFFF) { | |
1071 | err = -ENOSPC; | |
1072 | kfree(addr); | |
1073 | goto out; | |
1074 | } | |
1da177e4 LT |
1075 | goto retry; |
1076 | } | |
1da177e4 | 1077 | |
185ab886 | 1078 | __unix_set_addr(sk, addr, addr->hash); |
fbe9cc4a | 1079 | spin_unlock(&unix_table_lock); |
1da177e4 LT |
1080 | err = 0; |
1081 | ||
6e1ce3c3 | 1082 | out: mutex_unlock(&u->bindlock); |
1da177e4 LT |
1083 | return err; |
1084 | } | |
1085 | ||
71e6be6f | 1086 | static int unix_bind_bsd(struct sock *sk, struct unix_address *addr) |
faf02010 | 1087 | { |
71e6be6f AV |
1088 | struct unix_sock *u = unix_sk(sk); |
1089 | umode_t mode = S_IFSOCK | | |
1090 | (SOCK_INODE(sk->sk_socket)->i_mode & ~current_umask()); | |
71e6be6f | 1091 | struct user_namespace *ns; // barf... |
56c1731b | 1092 | struct path parent; |
38f7bd94 | 1093 | struct dentry *dentry; |
71e6be6f AV |
1094 | unsigned int hash; |
1095 | int err; | |
1096 | ||
38f7bd94 LT |
1097 | /* |
1098 | * Get the parent directory, calculate the hash for last | |
1099 | * component. | |
1100 | */ | |
71e6be6f | 1101 | dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0); |
38f7bd94 | 1102 | if (IS_ERR(dentry)) |
71e6be6f AV |
1103 | return PTR_ERR(dentry); |
1104 | ns = mnt_user_ns(parent.mnt); | |
faf02010 | 1105 | |
38f7bd94 LT |
1106 | /* |
1107 | * All right, let's create it. | |
1108 | */ | |
71e6be6f | 1109 | err = security_path_mknod(&parent, dentry, mode, 0); |
56c1731b | 1110 | if (!err) |
71e6be6f | 1111 | err = vfs_mknod(ns, d_inode(parent.dentry), dentry, mode, 0); |
c0c3b8d3 AV |
1112 | if (err) |
1113 | goto out; | |
fa42d910 | 1114 | err = mutex_lock_interruptible(&u->bindlock); |
c0c3b8d3 AV |
1115 | if (err) |
1116 | goto out_unlink; | |
1117 | if (u->addr) | |
1118 | goto out_unlock; | |
fa42d910 AV |
1119 | |
1120 | addr->hash = UNIX_HASH_SIZE; | |
56c1731b | 1121 | hash = d_backing_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1); |
fa42d910 | 1122 | spin_lock(&unix_table_lock); |
56c1731b AV |
1123 | u->path.mnt = mntget(parent.mnt); |
1124 | u->path.dentry = dget(dentry); | |
fa42d910 AV |
1125 | __unix_set_addr(sk, addr, hash); |
1126 | spin_unlock(&unix_table_lock); | |
1127 | mutex_unlock(&u->bindlock); | |
56c1731b | 1128 | done_path_create(&parent, dentry); |
fa42d910 | 1129 | return 0; |
c0c3b8d3 AV |
1130 | |
1131 | out_unlock: | |
1132 | mutex_unlock(&u->bindlock); | |
1133 | err = -EINVAL; | |
1134 | out_unlink: | |
1135 | /* failed after successful mknod? unlink what we'd created... */ | |
1136 | vfs_unlink(ns, d_inode(parent.dentry), dentry, NULL); | |
1137 | out: | |
1138 | done_path_create(&parent, dentry); | |
1139 | return err; | |
fa42d910 AV |
1140 | } |
1141 | ||
be752283 | 1142 | static int unix_bind_abstract(struct sock *sk, struct unix_address *addr) |
fa42d910 AV |
1143 | { |
1144 | struct unix_sock *u = unix_sk(sk); | |
1145 | int err; | |
1146 | ||
1147 | err = mutex_lock_interruptible(&u->bindlock); | |
1148 | if (err) | |
1149 | return err; | |
1150 | ||
1151 | if (u->addr) { | |
1152 | mutex_unlock(&u->bindlock); | |
1153 | return -EINVAL; | |
1154 | } | |
1155 | ||
5c32a3ed KI |
1156 | addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0)); |
1157 | addr->hash ^= sk->sk_type; | |
1158 | ||
fa42d910 AV |
1159 | spin_lock(&unix_table_lock); |
1160 | if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len, | |
be752283 | 1161 | addr->hash)) { |
fa42d910 AV |
1162 | spin_unlock(&unix_table_lock); |
1163 | mutex_unlock(&u->bindlock); | |
1164 | return -EADDRINUSE; | |
1165 | } | |
1166 | __unix_set_addr(sk, addr, addr->hash); | |
1167 | spin_unlock(&unix_table_lock); | |
1168 | mutex_unlock(&u->bindlock); | |
1169 | return 0; | |
1170 | } | |
1171 | ||
1da177e4 LT |
1172 | static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) |
1173 | { | |
e27dfcea | 1174 | struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr; |
dae6ad8f | 1175 | char *sun_path = sunaddr->sun_path; |
5c32a3ed | 1176 | struct sock *sk = sock->sk; |
1da177e4 | 1177 | struct unix_address *addr; |
5c32a3ed | 1178 | int err; |
1da177e4 | 1179 | |
b8a58aa6 KI |
1180 | if (addr_len == offsetof(struct sockaddr_un, sun_path) && |
1181 | sunaddr->sun_family == AF_UNIX) | |
f7ed31f4 | 1182 | return unix_autobind(sk); |
1da177e4 | 1183 | |
b8a58aa6 KI |
1184 | err = unix_validate_addr(sunaddr, addr_len); |
1185 | if (err) | |
1186 | return err; | |
1187 | ||
5c32a3ed KI |
1188 | if (sun_path[0]) { |
1189 | unix_mkname_bsd(sunaddr, addr_len); | |
1190 | addr_len = strlen(sunaddr->sun_path) + | |
1191 | offsetof(struct sockaddr_un, sun_path) + 1; | |
1192 | } | |
1193 | ||
c34d4582 AV |
1194 | addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL); |
1195 | if (!addr) | |
fa42d910 | 1196 | return -ENOMEM; |
c34d4582 AV |
1197 | |
1198 | memcpy(addr->name, sunaddr, addr_len); | |
1199 | addr->len = addr_len; | |
c34d4582 | 1200 | refcount_set(&addr->refcnt, 1); |
1da177e4 | 1201 | |
fa42d910 AV |
1202 | if (sun_path[0]) |
1203 | err = unix_bind_bsd(sk, addr); | |
1204 | else | |
be752283 | 1205 | err = unix_bind_abstract(sk, addr); |
fa42d910 | 1206 | if (err) |
c34d4582 | 1207 | unix_release_addr(addr); |
fa42d910 | 1208 | return err == -EEXIST ? -EADDRINUSE : err; |
1da177e4 LT |
1209 | } |
1210 | ||
278a3de5 DM |
1211 | static void unix_state_double_lock(struct sock *sk1, struct sock *sk2) |
1212 | { | |
1213 | if (unlikely(sk1 == sk2) || !sk2) { | |
1214 | unix_state_lock(sk1); | |
1215 | return; | |
1216 | } | |
1217 | if (sk1 < sk2) { | |
1218 | unix_state_lock(sk1); | |
1219 | unix_state_lock_nested(sk2); | |
1220 | } else { | |
1221 | unix_state_lock(sk2); | |
1222 | unix_state_lock_nested(sk1); | |
1223 | } | |
1224 | } | |
1225 | ||
1226 | static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2) | |
1227 | { | |
1228 | if (unlikely(sk1 == sk2) || !sk2) { | |
1229 | unix_state_unlock(sk1); | |
1230 | return; | |
1231 | } | |
1232 | unix_state_unlock(sk1); | |
1233 | unix_state_unlock(sk2); | |
1234 | } | |
1235 | ||
1da177e4 LT |
1236 | static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr, |
1237 | int alen, int flags) | |
1238 | { | |
1239 | struct sock *sk = sock->sk; | |
3b1e0a65 | 1240 | struct net *net = sock_net(sk); |
e27dfcea | 1241 | struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr; |
1da177e4 | 1242 | struct sock *other; |
1da177e4 LT |
1243 | int err; |
1244 | ||
defbcf2d MJ |
1245 | err = -EINVAL; |
1246 | if (alen < offsetofend(struct sockaddr, sa_family)) | |
1247 | goto out; | |
1248 | ||
1da177e4 | 1249 | if (addr->sa_family != AF_UNSPEC) { |
b8a58aa6 KI |
1250 | err = unix_validate_addr(sunaddr, alen); |
1251 | if (err) | |
1252 | goto out; | |
1253 | ||
1da177e4 | 1254 | if (test_bit(SOCK_PASSCRED, &sock->flags) && |
f7ed31f4 KI |
1255 | !unix_sk(sk)->addr) { |
1256 | err = unix_autobind(sk); | |
1257 | if (err) | |
1258 | goto out; | |
1259 | } | |
1da177e4 | 1260 | |
278a3de5 | 1261 | restart: |
d2d8c9fd | 1262 | other = unix_find_other(net, sunaddr, alen, sock->type); |
aed26f55 KI |
1263 | if (IS_ERR(other)) { |
1264 | err = PTR_ERR(other); | |
1da177e4 | 1265 | goto out; |
aed26f55 | 1266 | } |
1da177e4 | 1267 | |
278a3de5 DM |
1268 | unix_state_double_lock(sk, other); |
1269 | ||
1270 | /* Apparently VFS overslept socket death. Retry. */ | |
1271 | if (sock_flag(other, SOCK_DEAD)) { | |
1272 | unix_state_double_unlock(sk, other); | |
1273 | sock_put(other); | |
1274 | goto restart; | |
1275 | } | |
1da177e4 LT |
1276 | |
1277 | err = -EPERM; | |
1278 | if (!unix_may_send(sk, other)) | |
1279 | goto out_unlock; | |
1280 | ||
1281 | err = security_unix_may_send(sk->sk_socket, other->sk_socket); | |
1282 | if (err) | |
1283 | goto out_unlock; | |
1284 | ||
dc56ad70 | 1285 | sk->sk_state = other->sk_state = TCP_ESTABLISHED; |
1da177e4 LT |
1286 | } else { |
1287 | /* | |
1288 | * 1003.1g breaking connected state with AF_UNSPEC | |
1289 | */ | |
1290 | other = NULL; | |
278a3de5 | 1291 | unix_state_double_lock(sk, other); |
1da177e4 LT |
1292 | } |
1293 | ||
1294 | /* | |
1295 | * If it was connected, reconnect. | |
1296 | */ | |
1297 | if (unix_peer(sk)) { | |
1298 | struct sock *old_peer = unix_peer(sk); | |
dc56ad70 | 1299 | |
e27dfcea | 1300 | unix_peer(sk) = other; |
dc56ad70 ED |
1301 | if (!other) |
1302 | sk->sk_state = TCP_CLOSE; | |
7d267278 RW |
1303 | unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer); |
1304 | ||
278a3de5 | 1305 | unix_state_double_unlock(sk, other); |
1da177e4 LT |
1306 | |
1307 | if (other != old_peer) | |
1308 | unix_dgram_disconnected(sk, old_peer); | |
1309 | sock_put(old_peer); | |
1310 | } else { | |
e27dfcea | 1311 | unix_peer(sk) = other; |
278a3de5 | 1312 | unix_state_double_unlock(sk, other); |
1da177e4 | 1313 | } |
83301b53 | 1314 | |
ac7bfa62 | 1315 | return 0; |
1da177e4 LT |
1316 | |
1317 | out_unlock: | |
278a3de5 | 1318 | unix_state_double_unlock(sk, other); |
1da177e4 LT |
1319 | sock_put(other); |
1320 | out: | |
1321 | return err; | |
1322 | } | |
1323 | ||
1324 | static long unix_wait_for_peer(struct sock *other, long timeo) | |
48851e9e | 1325 | __releases(&unix_sk(other)->lock) |
1da177e4 LT |
1326 | { |
1327 | struct unix_sock *u = unix_sk(other); | |
1328 | int sched; | |
1329 | DEFINE_WAIT(wait); | |
1330 | ||
1331 | prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE); | |
1332 | ||
1333 | sched = !sock_flag(other, SOCK_DEAD) && | |
1334 | !(other->sk_shutdown & RCV_SHUTDOWN) && | |
3c73419c | 1335 | unix_recvq_full(other); |
1da177e4 | 1336 | |
1c92b4e5 | 1337 | unix_state_unlock(other); |
1da177e4 LT |
1338 | |
1339 | if (sched) | |
1340 | timeo = schedule_timeout(timeo); | |
1341 | ||
1342 | finish_wait(&u->peer_wait, &wait); | |
1343 | return timeo; | |
1344 | } | |
1345 | ||
1346 | static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr, | |
1347 | int addr_len, int flags) | |
1348 | { | |
e27dfcea | 1349 | struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr; |
1da177e4 | 1350 | struct sock *sk = sock->sk; |
3b1e0a65 | 1351 | struct net *net = sock_net(sk); |
1da177e4 LT |
1352 | struct unix_sock *u = unix_sk(sk), *newu, *otheru; |
1353 | struct sock *newsk = NULL; | |
1354 | struct sock *other = NULL; | |
1355 | struct sk_buff *skb = NULL; | |
1da177e4 LT |
1356 | int st; |
1357 | int err; | |
1358 | long timeo; | |
1359 | ||
b8a58aa6 KI |
1360 | err = unix_validate_addr(sunaddr, addr_len); |
1361 | if (err) | |
1362 | goto out; | |
1363 | ||
f7ed31f4 KI |
1364 | if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr) { |
1365 | err = unix_autobind(sk); | |
1366 | if (err) | |
1367 | goto out; | |
1368 | } | |
1da177e4 LT |
1369 | |
1370 | timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); | |
1371 | ||
1372 | /* First of all allocate resources. | |
1373 | If we will make it after state is locked, | |
1374 | we will have to recheck all again in any case. | |
1375 | */ | |
1376 | ||
1da177e4 | 1377 | /* create new sock for complete connection */ |
94531cfc | 1378 | newsk = unix_create1(sock_net(sk), NULL, 0, sock->type); |
f4bd73b5 KI |
1379 | if (IS_ERR(newsk)) { |
1380 | err = PTR_ERR(newsk); | |
1381 | newsk = NULL; | |
1da177e4 | 1382 | goto out; |
f4bd73b5 KI |
1383 | } |
1384 | ||
1385 | err = -ENOMEM; | |
1da177e4 LT |
1386 | |
1387 | /* Allocate skb for sending to listening sock */ | |
1388 | skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL); | |
1389 | if (skb == NULL) | |
1390 | goto out; | |
1391 | ||
1392 | restart: | |
1393 | /* Find listening sock. */ | |
d2d8c9fd | 1394 | other = unix_find_other(net, sunaddr, addr_len, sk->sk_type); |
aed26f55 KI |
1395 | if (IS_ERR(other)) { |
1396 | err = PTR_ERR(other); | |
1397 | other = NULL; | |
1da177e4 | 1398 | goto out; |
aed26f55 | 1399 | } |
1da177e4 LT |
1400 | |
1401 | /* Latch state of peer */ | |
1c92b4e5 | 1402 | unix_state_lock(other); |
1da177e4 LT |
1403 | |
1404 | /* Apparently VFS overslept socket death. Retry. */ | |
1405 | if (sock_flag(other, SOCK_DEAD)) { | |
1c92b4e5 | 1406 | unix_state_unlock(other); |
1da177e4 LT |
1407 | sock_put(other); |
1408 | goto restart; | |
1409 | } | |
1410 | ||
1411 | err = -ECONNREFUSED; | |
1412 | if (other->sk_state != TCP_LISTEN) | |
1413 | goto out_unlock; | |
77238f2b TS |
1414 | if (other->sk_shutdown & RCV_SHUTDOWN) |
1415 | goto out_unlock; | |
1da177e4 | 1416 | |
3c73419c | 1417 | if (unix_recvq_full(other)) { |
1da177e4 LT |
1418 | err = -EAGAIN; |
1419 | if (!timeo) | |
1420 | goto out_unlock; | |
1421 | ||
1422 | timeo = unix_wait_for_peer(other, timeo); | |
1423 | ||
1424 | err = sock_intr_errno(timeo); | |
1425 | if (signal_pending(current)) | |
1426 | goto out; | |
1427 | sock_put(other); | |
1428 | goto restart; | |
ac7bfa62 | 1429 | } |
1da177e4 LT |
1430 | |
1431 | /* Latch our state. | |
1432 | ||
e5537bfc | 1433 | It is tricky place. We need to grab our state lock and cannot |
1da177e4 LT |
1434 | drop lock on peer. It is dangerous because deadlock is |
1435 | possible. Connect to self case and simultaneous | |
1436 | attempt to connect are eliminated by checking socket | |
1437 | state. other is TCP_LISTEN, if sk is TCP_LISTEN we | |
1438 | check this before attempt to grab lock. | |
1439 | ||
1440 | Well, and we have to recheck the state after socket locked. | |
1441 | */ | |
1442 | st = sk->sk_state; | |
1443 | ||
1444 | switch (st) { | |
1445 | case TCP_CLOSE: | |
1446 | /* This is ok... continue with connect */ | |
1447 | break; | |
1448 | case TCP_ESTABLISHED: | |
1449 | /* Socket is already connected */ | |
1450 | err = -EISCONN; | |
1451 | goto out_unlock; | |
1452 | default: | |
1453 | err = -EINVAL; | |
1454 | goto out_unlock; | |
1455 | } | |
1456 | ||
1c92b4e5 | 1457 | unix_state_lock_nested(sk); |
1da177e4 LT |
1458 | |
1459 | if (sk->sk_state != st) { | |
1c92b4e5 DM |
1460 | unix_state_unlock(sk); |
1461 | unix_state_unlock(other); | |
1da177e4 LT |
1462 | sock_put(other); |
1463 | goto restart; | |
1464 | } | |
1465 | ||
3610cda5 | 1466 | err = security_unix_stream_connect(sk, other, newsk); |
1da177e4 | 1467 | if (err) { |
1c92b4e5 | 1468 | unix_state_unlock(sk); |
1da177e4 LT |
1469 | goto out_unlock; |
1470 | } | |
1471 | ||
1472 | /* The way is open! Fastly set all the necessary fields... */ | |
1473 | ||
1474 | sock_hold(sk); | |
1475 | unix_peer(newsk) = sk; | |
1476 | newsk->sk_state = TCP_ESTABLISHED; | |
1477 | newsk->sk_type = sk->sk_type; | |
109f6e39 | 1478 | init_peercred(newsk); |
1da177e4 | 1479 | newu = unix_sk(newsk); |
eaefd110 | 1480 | RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq); |
1da177e4 LT |
1481 | otheru = unix_sk(other); |
1482 | ||
ae3b5641 AV |
1483 | /* copy address information from listening to new sock |
1484 | * | |
1485 | * The contents of *(otheru->addr) and otheru->path | |
1486 | * are seen fully set up here, since we have found | |
1487 | * otheru in hash under unix_table_lock. Insertion | |
1488 | * into the hash chain we'd found it in had been done | |
1489 | * in an earlier critical area protected by unix_table_lock, | |
1490 | * the same one where we'd set *(otheru->addr) contents, | |
1491 | * as well as otheru->path and otheru->addr itself. | |
1492 | * | |
1493 | * Using smp_store_release() here to set newu->addr | |
1494 | * is enough to make those stores, as well as stores | |
1495 | * to newu->path visible to anyone who gets newu->addr | |
1496 | * by smp_load_acquire(). IOW, the same warranties | |
1497 | * as for unix_sock instances bound in unix_bind() or | |
1498 | * in unix_autobind(). | |
1499 | */ | |
40ffe67d AV |
1500 | if (otheru->path.dentry) { |
1501 | path_get(&otheru->path); | |
1502 | newu->path = otheru->path; | |
1da177e4 | 1503 | } |
ae3b5641 AV |
1504 | refcount_inc(&otheru->addr->refcnt); |
1505 | smp_store_release(&newu->addr, otheru->addr); | |
1da177e4 LT |
1506 | |
1507 | /* Set credentials */ | |
109f6e39 | 1508 | copy_peercred(sk, other); |
1da177e4 | 1509 | |
1da177e4 LT |
1510 | sock->state = SS_CONNECTED; |
1511 | sk->sk_state = TCP_ESTABLISHED; | |
830a1e5c BL |
1512 | sock_hold(newsk); |
1513 | ||
4e857c58 | 1514 | smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */ |
830a1e5c | 1515 | unix_peer(sk) = newsk; |
1da177e4 | 1516 | |
1c92b4e5 | 1517 | unix_state_unlock(sk); |
1da177e4 | 1518 | |
4e03d073 | 1519 | /* take ten and send info to listening sock */ |
1da177e4 LT |
1520 | spin_lock(&other->sk_receive_queue.lock); |
1521 | __skb_queue_tail(&other->sk_receive_queue, skb); | |
1da177e4 | 1522 | spin_unlock(&other->sk_receive_queue.lock); |
1c92b4e5 | 1523 | unix_state_unlock(other); |
676d2369 | 1524 | other->sk_data_ready(other); |
1da177e4 LT |
1525 | sock_put(other); |
1526 | return 0; | |
1527 | ||
1528 | out_unlock: | |
1529 | if (other) | |
1c92b4e5 | 1530 | unix_state_unlock(other); |
1da177e4 LT |
1531 | |
1532 | out: | |
40d44446 | 1533 | kfree_skb(skb); |
1da177e4 LT |
1534 | if (newsk) |
1535 | unix_release_sock(newsk, 0); | |
1536 | if (other) | |
1537 | sock_put(other); | |
1538 | return err; | |
1539 | } | |
1540 | ||
1541 | static int unix_socketpair(struct socket *socka, struct socket *sockb) | |
1542 | { | |
e27dfcea | 1543 | struct sock *ska = socka->sk, *skb = sockb->sk; |
1da177e4 LT |
1544 | |
1545 | /* Join our sockets back to back */ | |
1546 | sock_hold(ska); | |
1547 | sock_hold(skb); | |
e27dfcea JK |
1548 | unix_peer(ska) = skb; |
1549 | unix_peer(skb) = ska; | |
109f6e39 EB |
1550 | init_peercred(ska); |
1551 | init_peercred(skb); | |
1da177e4 | 1552 | |
83301b53 CW |
1553 | ska->sk_state = TCP_ESTABLISHED; |
1554 | skb->sk_state = TCP_ESTABLISHED; | |
1555 | socka->state = SS_CONNECTED; | |
1556 | sockb->state = SS_CONNECTED; | |
1da177e4 LT |
1557 | return 0; |
1558 | } | |
1559 | ||
90c6bd34 DB |
1560 | static void unix_sock_inherit_flags(const struct socket *old, |
1561 | struct socket *new) | |
1562 | { | |
1563 | if (test_bit(SOCK_PASSCRED, &old->flags)) | |
1564 | set_bit(SOCK_PASSCRED, &new->flags); | |
1565 | if (test_bit(SOCK_PASSSEC, &old->flags)) | |
1566 | set_bit(SOCK_PASSSEC, &new->flags); | |
1567 | } | |
1568 | ||
cdfbabfb DH |
1569 | static int unix_accept(struct socket *sock, struct socket *newsock, int flags, |
1570 | bool kern) | |
1da177e4 LT |
1571 | { |
1572 | struct sock *sk = sock->sk; | |
1573 | struct sock *tsk; | |
1574 | struct sk_buff *skb; | |
1575 | int err; | |
1576 | ||
1577 | err = -EOPNOTSUPP; | |
6eba6a37 | 1578 | if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) |
1da177e4 LT |
1579 | goto out; |
1580 | ||
1581 | err = -EINVAL; | |
1582 | if (sk->sk_state != TCP_LISTEN) | |
1583 | goto out; | |
1584 | ||
1585 | /* If socket state is TCP_LISTEN it cannot change (for now...), | |
1586 | * so that no locks are necessary. | |
1587 | */ | |
1588 | ||
1589 | skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err); | |
1590 | if (!skb) { | |
1591 | /* This means receive shutdown. */ | |
1592 | if (err == 0) | |
1593 | err = -EINVAL; | |
1594 | goto out; | |
1595 | } | |
1596 | ||
1597 | tsk = skb->sk; | |
1598 | skb_free_datagram(sk, skb); | |
1599 | wake_up_interruptible(&unix_sk(sk)->peer_wait); | |
1600 | ||
1601 | /* attach accepted sock to socket */ | |
1c92b4e5 | 1602 | unix_state_lock(tsk); |
1da177e4 | 1603 | newsock->state = SS_CONNECTED; |
90c6bd34 | 1604 | unix_sock_inherit_flags(sock, newsock); |
1da177e4 | 1605 | sock_graft(tsk, newsock); |
1c92b4e5 | 1606 | unix_state_unlock(tsk); |
1da177e4 LT |
1607 | return 0; |
1608 | ||
1609 | out: | |
1610 | return err; | |
1611 | } | |
1612 | ||
1613 | ||
9b2c45d4 | 1614 | static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer) |
1da177e4 LT |
1615 | { |
1616 | struct sock *sk = sock->sk; | |
ae3b5641 | 1617 | struct unix_address *addr; |
13cfa97b | 1618 | DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr); |
1da177e4 LT |
1619 | int err = 0; |
1620 | ||
1621 | if (peer) { | |
1622 | sk = unix_peer_get(sk); | |
1623 | ||
1624 | err = -ENOTCONN; | |
1625 | if (!sk) | |
1626 | goto out; | |
1627 | err = 0; | |
1628 | } else { | |
1629 | sock_hold(sk); | |
1630 | } | |
1631 | ||
ae3b5641 AV |
1632 | addr = smp_load_acquire(&unix_sk(sk)->addr); |
1633 | if (!addr) { | |
1da177e4 LT |
1634 | sunaddr->sun_family = AF_UNIX; |
1635 | sunaddr->sun_path[0] = 0; | |
755662ce | 1636 | err = offsetof(struct sockaddr_un, sun_path); |
1da177e4 | 1637 | } else { |
9b2c45d4 DV |
1638 | err = addr->len; |
1639 | memcpy(sunaddr, addr->name, addr->len); | |
1da177e4 | 1640 | } |
1da177e4 LT |
1641 | sock_put(sk); |
1642 | out: | |
1643 | return err; | |
1644 | } | |
1645 | ||
cbcf0112 MS |
1646 | static void unix_peek_fds(struct scm_cookie *scm, struct sk_buff *skb) |
1647 | { | |
1648 | scm->fp = scm_fp_dup(UNIXCB(skb).fp); | |
1649 | ||
1650 | /* | |
1651 | * Garbage collection of unix sockets starts by selecting a set of | |
1652 | * candidate sockets which have reference only from being in flight | |
1653 | * (total_refs == inflight_refs). This condition is checked once during | |
1654 | * the candidate collection phase, and candidates are marked as such, so | |
1655 | * that non-candidates can later be ignored. While inflight_refs is | |
1656 | * protected by unix_gc_lock, total_refs (file count) is not, hence this | |
1657 | * is an instantaneous decision. | |
1658 | * | |
1659 | * Once a candidate, however, the socket must not be reinstalled into a | |
1660 | * file descriptor while the garbage collection is in progress. | |
1661 | * | |
1662 | * If the above conditions are met, then the directed graph of | |
1663 | * candidates (*) does not change while unix_gc_lock is held. | |
1664 | * | |
1665 | * Any operations that changes the file count through file descriptors | |
1666 | * (dup, close, sendmsg) does not change the graph since candidates are | |
1667 | * not installed in fds. | |
1668 | * | |
1669 | * Dequeing a candidate via recvmsg would install it into an fd, but | |
1670 | * that takes unix_gc_lock to decrement the inflight count, so it's | |
1671 | * serialized with garbage collection. | |
1672 | * | |
1673 | * MSG_PEEK is special in that it does not change the inflight count, | |
1674 | * yet does install the socket into an fd. The following lock/unlock | |
1675 | * pair is to ensure serialization with garbage collection. It must be | |
1676 | * done between incrementing the file count and installing the file into | |
1677 | * an fd. | |
1678 | * | |
1679 | * If garbage collection starts after the barrier provided by the | |
1680 | * lock/unlock, then it will see the elevated refcount and not mark this | |
1681 | * as a candidate. If a garbage collection is already in progress | |
1682 | * before the file count was incremented, then the lock/unlock pair will | |
1683 | * ensure that garbage collection is finished before progressing to | |
1684 | * installing the fd. | |
1685 | * | |
1686 | * (*) A -> B where B is on the queue of A or B is on the queue of C | |
1687 | * which is on the queue of listening socket A. | |
1688 | */ | |
1689 | spin_lock(&unix_gc_lock); | |
1690 | spin_unlock(&unix_gc_lock); | |
1691 | } | |
1692 | ||
f78a5fda | 1693 | static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds) |
7361c36c EB |
1694 | { |
1695 | int err = 0; | |
16e57262 | 1696 | |
f78a5fda | 1697 | UNIXCB(skb).pid = get_pid(scm->pid); |
6b0ee8c0 EB |
1698 | UNIXCB(skb).uid = scm->creds.uid; |
1699 | UNIXCB(skb).gid = scm->creds.gid; | |
7361c36c | 1700 | UNIXCB(skb).fp = NULL; |
37a9a8df | 1701 | unix_get_secdata(scm, skb); |
7361c36c EB |
1702 | if (scm->fp && send_fds) |
1703 | err = unix_attach_fds(scm, skb); | |
1704 | ||
1705 | skb->destructor = unix_destruct_scm; | |
1706 | return err; | |
1707 | } | |
1708 | ||
9490f886 HFS |
1709 | static bool unix_passcred_enabled(const struct socket *sock, |
1710 | const struct sock *other) | |
1711 | { | |
1712 | return test_bit(SOCK_PASSCRED, &sock->flags) || | |
1713 | !other->sk_socket || | |
1714 | test_bit(SOCK_PASSCRED, &other->sk_socket->flags); | |
1715 | } | |
1716 | ||
16e57262 ED |
1717 | /* |
1718 | * Some apps rely on write() giving SCM_CREDENTIALS | |
1719 | * We include credentials if source or destination socket | |
1720 | * asserted SOCK_PASSCRED. | |
1721 | */ | |
1722 | static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock, | |
1723 | const struct sock *other) | |
1724 | { | |
6b0ee8c0 | 1725 | if (UNIXCB(skb).pid) |
16e57262 | 1726 | return; |
9490f886 | 1727 | if (unix_passcred_enabled(sock, other)) { |
16e57262 | 1728 | UNIXCB(skb).pid = get_pid(task_tgid(current)); |
6e0895c2 | 1729 | current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid); |
16e57262 ED |
1730 | } |
1731 | } | |
1732 | ||
9490f886 HFS |
1733 | static int maybe_init_creds(struct scm_cookie *scm, |
1734 | struct socket *socket, | |
1735 | const struct sock *other) | |
1736 | { | |
1737 | int err; | |
1738 | struct msghdr msg = { .msg_controllen = 0 }; | |
1739 | ||
1740 | err = scm_send(socket, &msg, scm, false); | |
1741 | if (err) | |
1742 | return err; | |
1743 | ||
1744 | if (unix_passcred_enabled(socket, other)) { | |
1745 | scm->pid = get_pid(task_tgid(current)); | |
1746 | current_uid_gid(&scm->creds.uid, &scm->creds.gid); | |
1747 | } | |
1748 | return err; | |
1749 | } | |
1750 | ||
1751 | static bool unix_skb_scm_eq(struct sk_buff *skb, | |
1752 | struct scm_cookie *scm) | |
1753 | { | |
1754 | const struct unix_skb_parms *u = &UNIXCB(skb); | |
1755 | ||
1756 | return u->pid == scm->pid && | |
1757 | uid_eq(u->uid, scm->creds.uid) && | |
1758 | gid_eq(u->gid, scm->creds.gid) && | |
1759 | unix_secdata_eq(scm, skb); | |
1760 | } | |
1761 | ||
3c32da19 KT |
1762 | static void scm_stat_add(struct sock *sk, struct sk_buff *skb) |
1763 | { | |
1764 | struct scm_fp_list *fp = UNIXCB(skb).fp; | |
1765 | struct unix_sock *u = unix_sk(sk); | |
1766 | ||
3c32da19 | 1767 | if (unlikely(fp && fp->count)) |
7782040b | 1768 | atomic_add(fp->count, &u->scm_stat.nr_fds); |
3c32da19 KT |
1769 | } |
1770 | ||
1771 | static void scm_stat_del(struct sock *sk, struct sk_buff *skb) | |
1772 | { | |
1773 | struct scm_fp_list *fp = UNIXCB(skb).fp; | |
1774 | struct unix_sock *u = unix_sk(sk); | |
1775 | ||
3c32da19 | 1776 | if (unlikely(fp && fp->count)) |
7782040b | 1777 | atomic_sub(fp->count, &u->scm_stat.nr_fds); |
3c32da19 KT |
1778 | } |
1779 | ||
1da177e4 LT |
1780 | /* |
1781 | * Send AF_UNIX data. | |
1782 | */ | |
1783 | ||
1b784140 YX |
1784 | static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg, |
1785 | size_t len) | |
1da177e4 | 1786 | { |
1da177e4 | 1787 | struct sock *sk = sock->sk; |
3b1e0a65 | 1788 | struct net *net = sock_net(sk); |
1da177e4 | 1789 | struct unix_sock *u = unix_sk(sk); |
342dfc30 | 1790 | DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name); |
1da177e4 | 1791 | struct sock *other = NULL; |
1da177e4 | 1792 | int err; |
f78a5fda | 1793 | struct sk_buff *skb; |
1da177e4 | 1794 | long timeo; |
7cc05662 | 1795 | struct scm_cookie scm; |
eb6a2481 | 1796 | int data_len = 0; |
7d267278 | 1797 | int sk_locked; |
1da177e4 | 1798 | |
5f23b734 | 1799 | wait_for_unix_gc(); |
7cc05662 | 1800 | err = scm_send(sock, msg, &scm, false); |
1da177e4 LT |
1801 | if (err < 0) |
1802 | return err; | |
1803 | ||
1804 | err = -EOPNOTSUPP; | |
1805 | if (msg->msg_flags&MSG_OOB) | |
1806 | goto out; | |
1807 | ||
1808 | if (msg->msg_namelen) { | |
b8a58aa6 KI |
1809 | err = unix_validate_addr(sunaddr, msg->msg_namelen); |
1810 | if (err) | |
1811 | goto out; | |
1da177e4 LT |
1812 | } else { |
1813 | sunaddr = NULL; | |
1814 | err = -ENOTCONN; | |
1815 | other = unix_peer_get(sk); | |
1816 | if (!other) | |
1817 | goto out; | |
1818 | } | |
1819 | ||
f7ed31f4 KI |
1820 | if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr) { |
1821 | err = unix_autobind(sk); | |
1822 | if (err) | |
1823 | goto out; | |
1824 | } | |
1da177e4 LT |
1825 | |
1826 | err = -EMSGSIZE; | |
1827 | if (len > sk->sk_sndbuf - 32) | |
1828 | goto out; | |
1829 | ||
31ff6aa5 | 1830 | if (len > SKB_MAX_ALLOC) { |
eb6a2481 ED |
1831 | data_len = min_t(size_t, |
1832 | len - SKB_MAX_ALLOC, | |
1833 | MAX_SKB_FRAGS * PAGE_SIZE); | |
31ff6aa5 KT |
1834 | data_len = PAGE_ALIGN(data_len); |
1835 | ||
1836 | BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE); | |
1837 | } | |
eb6a2481 ED |
1838 | |
1839 | skb = sock_alloc_send_pskb(sk, len - data_len, data_len, | |
28d64271 ED |
1840 | msg->msg_flags & MSG_DONTWAIT, &err, |
1841 | PAGE_ALLOC_COSTLY_ORDER); | |
e27dfcea | 1842 | if (skb == NULL) |
1da177e4 LT |
1843 | goto out; |
1844 | ||
7cc05662 | 1845 | err = unix_scm_to_skb(&scm, skb, true); |
25888e30 | 1846 | if (err < 0) |
7361c36c | 1847 | goto out_free; |
877ce7c1 | 1848 | |
eb6a2481 ED |
1849 | skb_put(skb, len - data_len); |
1850 | skb->data_len = data_len; | |
1851 | skb->len = len; | |
c0371da6 | 1852 | err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len); |
1da177e4 LT |
1853 | if (err) |
1854 | goto out_free; | |
1855 | ||
1856 | timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); | |
1857 | ||
1858 | restart: | |
1859 | if (!other) { | |
1860 | err = -ECONNRESET; | |
1861 | if (sunaddr == NULL) | |
1862 | goto out_free; | |
1863 | ||
d2d8c9fd KI |
1864 | other = unix_find_other(net, sunaddr, msg->msg_namelen, |
1865 | sk->sk_type); | |
aed26f55 KI |
1866 | if (IS_ERR(other)) { |
1867 | err = PTR_ERR(other); | |
1868 | other = NULL; | |
1da177e4 | 1869 | goto out_free; |
aed26f55 | 1870 | } |
1da177e4 LT |
1871 | } |
1872 | ||
d6ae3bae AC |
1873 | if (sk_filter(other, skb) < 0) { |
1874 | /* Toss the packet but do not return any error to the sender */ | |
1875 | err = len; | |
1876 | goto out_free; | |
1877 | } | |
1878 | ||
7d267278 | 1879 | sk_locked = 0; |
1c92b4e5 | 1880 | unix_state_lock(other); |
7d267278 | 1881 | restart_locked: |
1da177e4 LT |
1882 | err = -EPERM; |
1883 | if (!unix_may_send(sk, other)) | |
1884 | goto out_unlock; | |
1885 | ||
7d267278 | 1886 | if (unlikely(sock_flag(other, SOCK_DEAD))) { |
1da177e4 LT |
1887 | /* |
1888 | * Check with 1003.1g - what should | |
1889 | * datagram error | |
1890 | */ | |
1c92b4e5 | 1891 | unix_state_unlock(other); |
1da177e4 LT |
1892 | sock_put(other); |
1893 | ||
7d267278 RW |
1894 | if (!sk_locked) |
1895 | unix_state_lock(sk); | |
1896 | ||
1da177e4 | 1897 | err = 0; |
1da177e4 | 1898 | if (unix_peer(sk) == other) { |
e27dfcea | 1899 | unix_peer(sk) = NULL; |
7d267278 RW |
1900 | unix_dgram_peer_wake_disconnect_wakeup(sk, other); |
1901 | ||
1c92b4e5 | 1902 | unix_state_unlock(sk); |
1da177e4 | 1903 | |
dc56ad70 | 1904 | sk->sk_state = TCP_CLOSE; |
1da177e4 LT |
1905 | unix_dgram_disconnected(sk, other); |
1906 | sock_put(other); | |
1907 | err = -ECONNREFUSED; | |
1908 | } else { | |
1c92b4e5 | 1909 | unix_state_unlock(sk); |
1da177e4 LT |
1910 | } |
1911 | ||
1912 | other = NULL; | |
1913 | if (err) | |
1914 | goto out_free; | |
1915 | goto restart; | |
1916 | } | |
1917 | ||
1918 | err = -EPIPE; | |
1919 | if (other->sk_shutdown & RCV_SHUTDOWN) | |
1920 | goto out_unlock; | |
1921 | ||
1922 | if (sk->sk_type != SOCK_SEQPACKET) { | |
1923 | err = security_unix_may_send(sk->sk_socket, other->sk_socket); | |
1924 | if (err) | |
1925 | goto out_unlock; | |
1926 | } | |
1927 | ||
a5527dda RW |
1928 | /* other == sk && unix_peer(other) != sk if |
1929 | * - unix_peer(sk) == NULL, destination address bound to sk | |
1930 | * - unix_peer(sk) == sk by time of get but disconnected before lock | |
1931 | */ | |
1932 | if (other != sk && | |
86b18aaa QC |
1933 | unlikely(unix_peer(other) != sk && |
1934 | unix_recvq_full_lockless(other))) { | |
7d267278 RW |
1935 | if (timeo) { |
1936 | timeo = unix_wait_for_peer(other, timeo); | |
1937 | ||
1938 | err = sock_intr_errno(timeo); | |
1939 | if (signal_pending(current)) | |
1940 | goto out_free; | |
1941 | ||
1942 | goto restart; | |
1da177e4 LT |
1943 | } |
1944 | ||
7d267278 RW |
1945 | if (!sk_locked) { |
1946 | unix_state_unlock(other); | |
1947 | unix_state_double_lock(sk, other); | |
1948 | } | |
1da177e4 | 1949 | |
7d267278 RW |
1950 | if (unix_peer(sk) != other || |
1951 | unix_dgram_peer_wake_me(sk, other)) { | |
1952 | err = -EAGAIN; | |
1953 | sk_locked = 1; | |
1954 | goto out_unlock; | |
1955 | } | |
1da177e4 | 1956 | |
7d267278 RW |
1957 | if (!sk_locked) { |
1958 | sk_locked = 1; | |
1959 | goto restart_locked; | |
1960 | } | |
1da177e4 LT |
1961 | } |
1962 | ||
7d267278 RW |
1963 | if (unlikely(sk_locked)) |
1964 | unix_state_unlock(sk); | |
1965 | ||
3f66116e AC |
1966 | if (sock_flag(other, SOCK_RCVTSTAMP)) |
1967 | __net_timestamp(skb); | |
16e57262 | 1968 | maybe_add_creds(skb, sock, other); |
3c32da19 | 1969 | scm_stat_add(other, skb); |
7782040b | 1970 | skb_queue_tail(&other->sk_receive_queue, skb); |
1c92b4e5 | 1971 | unix_state_unlock(other); |
676d2369 | 1972 | other->sk_data_ready(other); |
1da177e4 | 1973 | sock_put(other); |
7cc05662 | 1974 | scm_destroy(&scm); |
1da177e4 LT |
1975 | return len; |
1976 | ||
1977 | out_unlock: | |
7d267278 RW |
1978 | if (sk_locked) |
1979 | unix_state_unlock(sk); | |
1c92b4e5 | 1980 | unix_state_unlock(other); |
1da177e4 LT |
1981 | out_free: |
1982 | kfree_skb(skb); | |
1983 | out: | |
1984 | if (other) | |
1985 | sock_put(other); | |
7cc05662 | 1986 | scm_destroy(&scm); |
1da177e4 LT |
1987 | return err; |
1988 | } | |
1989 | ||
e370a723 | 1990 | /* We use paged skbs for stream sockets, and limit occupancy to 32768 |
d4e9a408 | 1991 | * bytes, and a minimum of a full page. |
e370a723 ED |
1992 | */ |
1993 | #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768)) | |
ac7bfa62 | 1994 | |
314001f0 RS |
1995 | #if (IS_ENABLED(CONFIG_AF_UNIX_OOB)) |
1996 | static int queue_oob(struct socket *sock, struct msghdr *msg, struct sock *other) | |
1997 | { | |
1998 | struct unix_sock *ousk = unix_sk(other); | |
1999 | struct sk_buff *skb; | |
2000 | int err = 0; | |
2001 | ||
2002 | skb = sock_alloc_send_skb(sock->sk, 1, msg->msg_flags & MSG_DONTWAIT, &err); | |
2003 | ||
2004 | if (!skb) | |
2005 | return err; | |
2006 | ||
2007 | skb_put(skb, 1); | |
314001f0 RS |
2008 | err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, 1); |
2009 | ||
2010 | if (err) { | |
2011 | kfree_skb(skb); | |
2012 | return err; | |
2013 | } | |
2014 | ||
2015 | unix_state_lock(other); | |
19eed721 RS |
2016 | |
2017 | if (sock_flag(other, SOCK_DEAD) || | |
2018 | (other->sk_shutdown & RCV_SHUTDOWN)) { | |
2019 | unix_state_unlock(other); | |
2020 | kfree_skb(skb); | |
2021 | return -EPIPE; | |
2022 | } | |
2023 | ||
314001f0 RS |
2024 | maybe_add_creds(skb, sock, other); |
2025 | skb_get(skb); | |
2026 | ||
2027 | if (ousk->oob_skb) | |
19eed721 | 2028 | consume_skb(ousk->oob_skb); |
314001f0 RS |
2029 | |
2030 | ousk->oob_skb = skb; | |
2031 | ||
2032 | scm_stat_add(other, skb); | |
2033 | skb_queue_tail(&other->sk_receive_queue, skb); | |
2034 | sk_send_sigurg(other); | |
2035 | unix_state_unlock(other); | |
2036 | other->sk_data_ready(other); | |
2037 | ||
2038 | return err; | |
2039 | } | |
2040 | #endif | |
2041 | ||
1b784140 YX |
2042 | static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg, |
2043 | size_t len) | |
1da177e4 | 2044 | { |
1da177e4 LT |
2045 | struct sock *sk = sock->sk; |
2046 | struct sock *other = NULL; | |
6eba6a37 | 2047 | int err, size; |
f78a5fda | 2048 | struct sk_buff *skb; |
e27dfcea | 2049 | int sent = 0; |
7cc05662 | 2050 | struct scm_cookie scm; |
8ba69ba6 | 2051 | bool fds_sent = false; |
e370a723 | 2052 | int data_len; |
1da177e4 | 2053 | |
5f23b734 | 2054 | wait_for_unix_gc(); |
7cc05662 | 2055 | err = scm_send(sock, msg, &scm, false); |
1da177e4 LT |
2056 | if (err < 0) |
2057 | return err; | |
2058 | ||
2059 | err = -EOPNOTSUPP; | |
314001f0 RS |
2060 | if (msg->msg_flags & MSG_OOB) { |
2061 | #if (IS_ENABLED(CONFIG_AF_UNIX_OOB)) | |
2062 | if (len) | |
2063 | len--; | |
2064 | else | |
2065 | #endif | |
2066 | goto out_err; | |
2067 | } | |
1da177e4 LT |
2068 | |
2069 | if (msg->msg_namelen) { | |
2070 | err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP; | |
2071 | goto out_err; | |
2072 | } else { | |
1da177e4 | 2073 | err = -ENOTCONN; |
830a1e5c | 2074 | other = unix_peer(sk); |
1da177e4 LT |
2075 | if (!other) |
2076 | goto out_err; | |
2077 | } | |
2078 | ||
2079 | if (sk->sk_shutdown & SEND_SHUTDOWN) | |
2080 | goto pipe_err; | |
2081 | ||
6eba6a37 | 2082 | while (sent < len) { |
e370a723 | 2083 | size = len - sent; |
1da177e4 LT |
2084 | |
2085 | /* Keep two messages in the pipe so it schedules better */ | |
e370a723 | 2086 | size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64); |
1da177e4 | 2087 | |
e370a723 ED |
2088 | /* allow fallback to order-0 allocations */ |
2089 | size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ); | |
ac7bfa62 | 2090 | |
e370a723 | 2091 | data_len = max_t(int, 0, size - SKB_MAX_HEAD(0)); |
1da177e4 | 2092 | |
31ff6aa5 KT |
2093 | data_len = min_t(size_t, size, PAGE_ALIGN(data_len)); |
2094 | ||
e370a723 | 2095 | skb = sock_alloc_send_pskb(sk, size - data_len, data_len, |
28d64271 ED |
2096 | msg->msg_flags & MSG_DONTWAIT, &err, |
2097 | get_order(UNIX_SKB_FRAGS_SZ)); | |
e370a723 | 2098 | if (!skb) |
1da177e4 LT |
2099 | goto out_err; |
2100 | ||
f78a5fda | 2101 | /* Only send the fds in the first buffer */ |
7cc05662 | 2102 | err = unix_scm_to_skb(&scm, skb, !fds_sent); |
25888e30 | 2103 | if (err < 0) { |
7361c36c | 2104 | kfree_skb(skb); |
f78a5fda | 2105 | goto out_err; |
6209344f | 2106 | } |
7361c36c | 2107 | fds_sent = true; |
1da177e4 | 2108 | |
e370a723 ED |
2109 | skb_put(skb, size - data_len); |
2110 | skb->data_len = data_len; | |
2111 | skb->len = size; | |
c0371da6 | 2112 | err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size); |
6eba6a37 | 2113 | if (err) { |
1da177e4 | 2114 | kfree_skb(skb); |
f78a5fda | 2115 | goto out_err; |
1da177e4 LT |
2116 | } |
2117 | ||
1c92b4e5 | 2118 | unix_state_lock(other); |
1da177e4 LT |
2119 | |
2120 | if (sock_flag(other, SOCK_DEAD) || | |
2121 | (other->sk_shutdown & RCV_SHUTDOWN)) | |
2122 | goto pipe_err_free; | |
2123 | ||
16e57262 | 2124 | maybe_add_creds(skb, sock, other); |
3c32da19 | 2125 | scm_stat_add(other, skb); |
7782040b | 2126 | skb_queue_tail(&other->sk_receive_queue, skb); |
1c92b4e5 | 2127 | unix_state_unlock(other); |
676d2369 | 2128 | other->sk_data_ready(other); |
e27dfcea | 2129 | sent += size; |
1da177e4 | 2130 | } |
1da177e4 | 2131 | |
314001f0 RS |
2132 | #if (IS_ENABLED(CONFIG_AF_UNIX_OOB)) |
2133 | if (msg->msg_flags & MSG_OOB) { | |
2134 | err = queue_oob(sock, msg, other); | |
2135 | if (err) | |
2136 | goto out_err; | |
2137 | sent++; | |
2138 | } | |
2139 | #endif | |
2140 | ||
7cc05662 | 2141 | scm_destroy(&scm); |
1da177e4 LT |
2142 | |
2143 | return sent; | |
2144 | ||
2145 | pipe_err_free: | |
1c92b4e5 | 2146 | unix_state_unlock(other); |
1da177e4 LT |
2147 | kfree_skb(skb); |
2148 | pipe_err: | |
6eba6a37 ED |
2149 | if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL)) |
2150 | send_sig(SIGPIPE, current, 0); | |
1da177e4 LT |
2151 | err = -EPIPE; |
2152 | out_err: | |
7cc05662 | 2153 | scm_destroy(&scm); |
1da177e4 LT |
2154 | return sent ? : err; |
2155 | } | |
2156 | ||
869e7c62 HFS |
2157 | static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page, |
2158 | int offset, size_t size, int flags) | |
2159 | { | |
9490f886 HFS |
2160 | int err; |
2161 | bool send_sigpipe = false; | |
2162 | bool init_scm = true; | |
2163 | struct scm_cookie scm; | |
869e7c62 HFS |
2164 | struct sock *other, *sk = socket->sk; |
2165 | struct sk_buff *skb, *newskb = NULL, *tail = NULL; | |
2166 | ||
2167 | if (flags & MSG_OOB) | |
2168 | return -EOPNOTSUPP; | |
2169 | ||
2170 | other = unix_peer(sk); | |
2171 | if (!other || sk->sk_state != TCP_ESTABLISHED) | |
2172 | return -ENOTCONN; | |
2173 | ||
2174 | if (false) { | |
2175 | alloc_skb: | |
2176 | unix_state_unlock(other); | |
6e1ce3c3 | 2177 | mutex_unlock(&unix_sk(other)->iolock); |
869e7c62 HFS |
2178 | newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT, |
2179 | &err, 0); | |
2180 | if (!newskb) | |
9490f886 | 2181 | goto err; |
869e7c62 HFS |
2182 | } |
2183 | ||
6e1ce3c3 | 2184 | /* we must acquire iolock as we modify already present |
869e7c62 HFS |
2185 | * skbs in the sk_receive_queue and mess with skb->len |
2186 | */ | |
6e1ce3c3 | 2187 | err = mutex_lock_interruptible(&unix_sk(other)->iolock); |
869e7c62 HFS |
2188 | if (err) { |
2189 | err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS; | |
869e7c62 HFS |
2190 | goto err; |
2191 | } | |
2192 | ||
2193 | if (sk->sk_shutdown & SEND_SHUTDOWN) { | |
2194 | err = -EPIPE; | |
9490f886 | 2195 | send_sigpipe = true; |
869e7c62 HFS |
2196 | goto err_unlock; |
2197 | } | |
2198 | ||
2199 | unix_state_lock(other); | |
2200 | ||
2201 | if (sock_flag(other, SOCK_DEAD) || | |
2202 | other->sk_shutdown & RCV_SHUTDOWN) { | |
2203 | err = -EPIPE; | |
9490f886 | 2204 | send_sigpipe = true; |
869e7c62 HFS |
2205 | goto err_state_unlock; |
2206 | } | |
2207 | ||
9490f886 HFS |
2208 | if (init_scm) { |
2209 | err = maybe_init_creds(&scm, socket, other); | |
2210 | if (err) | |
2211 | goto err_state_unlock; | |
2212 | init_scm = false; | |
2213 | } | |
2214 | ||
869e7c62 HFS |
2215 | skb = skb_peek_tail(&other->sk_receive_queue); |
2216 | if (tail && tail == skb) { | |
2217 | skb = newskb; | |
9490f886 HFS |
2218 | } else if (!skb || !unix_skb_scm_eq(skb, &scm)) { |
2219 | if (newskb) { | |
869e7c62 | 2220 | skb = newskb; |
9490f886 HFS |
2221 | } else { |
2222 | tail = skb; | |
869e7c62 | 2223 | goto alloc_skb; |
9490f886 | 2224 | } |
869e7c62 HFS |
2225 | } else if (newskb) { |
2226 | /* this is fast path, we don't necessarily need to | |
2227 | * call to kfree_skb even though with newskb == NULL | |
2228 | * this - does no harm | |
2229 | */ | |
2230 | consume_skb(newskb); | |
8844f972 | 2231 | newskb = NULL; |
869e7c62 HFS |
2232 | } |
2233 | ||
2234 | if (skb_append_pagefrags(skb, page, offset, size)) { | |
2235 | tail = skb; | |
2236 | goto alloc_skb; | |
2237 | } | |
2238 | ||
2239 | skb->len += size; | |
2240 | skb->data_len += size; | |
2241 | skb->truesize += size; | |
14afee4b | 2242 | refcount_add(size, &sk->sk_wmem_alloc); |
869e7c62 | 2243 | |
a3a116e0 | 2244 | if (newskb) { |
9490f886 HFS |
2245 | err = unix_scm_to_skb(&scm, skb, false); |
2246 | if (err) | |
2247 | goto err_state_unlock; | |
a3a116e0 | 2248 | spin_lock(&other->sk_receive_queue.lock); |
869e7c62 | 2249 | __skb_queue_tail(&other->sk_receive_queue, newskb); |
a3a116e0 HFS |
2250 | spin_unlock(&other->sk_receive_queue.lock); |
2251 | } | |
869e7c62 HFS |
2252 | |
2253 | unix_state_unlock(other); | |
6e1ce3c3 | 2254 | mutex_unlock(&unix_sk(other)->iolock); |
869e7c62 HFS |
2255 | |
2256 | other->sk_data_ready(other); | |
9490f886 | 2257 | scm_destroy(&scm); |
869e7c62 HFS |
2258 | return size; |
2259 | ||
2260 | err_state_unlock: | |
2261 | unix_state_unlock(other); | |
2262 | err_unlock: | |
6e1ce3c3 | 2263 | mutex_unlock(&unix_sk(other)->iolock); |
869e7c62 HFS |
2264 | err: |
2265 | kfree_skb(newskb); | |
2266 | if (send_sigpipe && !(flags & MSG_NOSIGNAL)) | |
2267 | send_sig(SIGPIPE, current, 0); | |
9490f886 HFS |
2268 | if (!init_scm) |
2269 | scm_destroy(&scm); | |
869e7c62 HFS |
2270 | return err; |
2271 | } | |
2272 | ||
1b784140 YX |
2273 | static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg, |
2274 | size_t len) | |
1da177e4 LT |
2275 | { |
2276 | int err; | |
2277 | struct sock *sk = sock->sk; | |
ac7bfa62 | 2278 | |
1da177e4 LT |
2279 | err = sock_error(sk); |
2280 | if (err) | |
2281 | return err; | |
2282 | ||
2283 | if (sk->sk_state != TCP_ESTABLISHED) | |
2284 | return -ENOTCONN; | |
2285 | ||
2286 | if (msg->msg_namelen) | |
2287 | msg->msg_namelen = 0; | |
2288 | ||
1b784140 | 2289 | return unix_dgram_sendmsg(sock, msg, len); |
1da177e4 | 2290 | } |
ac7bfa62 | 2291 | |
1b784140 YX |
2292 | static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg, |
2293 | size_t size, int flags) | |
a05d2ad1 EB |
2294 | { |
2295 | struct sock *sk = sock->sk; | |
2296 | ||
2297 | if (sk->sk_state != TCP_ESTABLISHED) | |
2298 | return -ENOTCONN; | |
2299 | ||
1b784140 | 2300 | return unix_dgram_recvmsg(sock, msg, size, flags); |
a05d2ad1 EB |
2301 | } |
2302 | ||
1da177e4 LT |
2303 | static void unix_copy_addr(struct msghdr *msg, struct sock *sk) |
2304 | { | |
ae3b5641 | 2305 | struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr); |
1da177e4 | 2306 | |
ae3b5641 AV |
2307 | if (addr) { |
2308 | msg->msg_namelen = addr->len; | |
2309 | memcpy(msg->msg_name, addr->name, addr->len); | |
1da177e4 LT |
2310 | } |
2311 | } | |
2312 | ||
9825d866 CW |
2313 | int __unix_dgram_recvmsg(struct sock *sk, struct msghdr *msg, size_t size, |
2314 | int flags) | |
1da177e4 | 2315 | { |
7cc05662 | 2316 | struct scm_cookie scm; |
9825d866 | 2317 | struct socket *sock = sk->sk_socket; |
1da177e4 | 2318 | struct unix_sock *u = unix_sk(sk); |
64874280 RW |
2319 | struct sk_buff *skb, *last; |
2320 | long timeo; | |
fd69c399 | 2321 | int skip; |
1da177e4 LT |
2322 | int err; |
2323 | ||
2324 | err = -EOPNOTSUPP; | |
2325 | if (flags&MSG_OOB) | |
2326 | goto out; | |
2327 | ||
64874280 | 2328 | timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); |
1da177e4 | 2329 | |
64874280 | 2330 | do { |
6e1ce3c3 | 2331 | mutex_lock(&u->iolock); |
f55bb7f9 | 2332 | |
64874280 | 2333 | skip = sk_peek_offset(sk, flags); |
b50b0580 | 2334 | skb = __skb_try_recv_datagram(sk, &sk->sk_receive_queue, flags, |
e427cad6 PA |
2335 | &skip, &err, &last); |
2336 | if (skb) { | |
2337 | if (!(flags & MSG_PEEK)) | |
2338 | scm_stat_del(sk, skb); | |
64874280 | 2339 | break; |
e427cad6 | 2340 | } |
64874280 | 2341 | |
6e1ce3c3 | 2342 | mutex_unlock(&u->iolock); |
64874280 RW |
2343 | |
2344 | if (err != -EAGAIN) | |
2345 | break; | |
2346 | } while (timeo && | |
b50b0580 SD |
2347 | !__skb_wait_for_more_packets(sk, &sk->sk_receive_queue, |
2348 | &err, &timeo, last)); | |
64874280 | 2349 | |
6e1ce3c3 | 2350 | if (!skb) { /* implies iolock unlocked */ |
0a112258 FZ |
2351 | unix_state_lock(sk); |
2352 | /* Signal EOF on disconnected non-blocking SEQPACKET socket. */ | |
2353 | if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && | |
2354 | (sk->sk_shutdown & RCV_SHUTDOWN)) | |
2355 | err = 0; | |
2356 | unix_state_unlock(sk); | |
64874280 | 2357 | goto out; |
0a112258 | 2358 | } |
1da177e4 | 2359 | |
77b75f4d RW |
2360 | if (wq_has_sleeper(&u->peer_wait)) |
2361 | wake_up_interruptible_sync_poll(&u->peer_wait, | |
a9a08845 LT |
2362 | EPOLLOUT | EPOLLWRNORM | |
2363 | EPOLLWRBAND); | |
1da177e4 LT |
2364 | |
2365 | if (msg->msg_name) | |
2366 | unix_copy_addr(msg, skb->sk); | |
2367 | ||
f55bb7f9 PE |
2368 | if (size > skb->len - skip) |
2369 | size = skb->len - skip; | |
2370 | else if (size < skb->len - skip) | |
1da177e4 LT |
2371 | msg->msg_flags |= MSG_TRUNC; |
2372 | ||
51f3d02b | 2373 | err = skb_copy_datagram_msg(skb, skip, msg, size); |
1da177e4 LT |
2374 | if (err) |
2375 | goto out_free; | |
2376 | ||
3f66116e AC |
2377 | if (sock_flag(sk, SOCK_RCVTSTAMP)) |
2378 | __sock_recv_timestamp(msg, sk, skb); | |
2379 | ||
7cc05662 CH |
2380 | memset(&scm, 0, sizeof(scm)); |
2381 | ||
2382 | scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); | |
2383 | unix_set_secdata(&scm, skb); | |
1da177e4 | 2384 | |
6eba6a37 | 2385 | if (!(flags & MSG_PEEK)) { |
1da177e4 | 2386 | if (UNIXCB(skb).fp) |
7cc05662 | 2387 | unix_detach_fds(&scm, skb); |
f55bb7f9 PE |
2388 | |
2389 | sk_peek_offset_bwd(sk, skb->len); | |
6eba6a37 | 2390 | } else { |
1da177e4 LT |
2391 | /* It is questionable: on PEEK we could: |
2392 | - do not return fds - good, but too simple 8) | |
2393 | - return fds, and do not return them on read (old strategy, | |
2394 | apparently wrong) | |
2395 | - clone fds (I chose it for now, it is the most universal | |
2396 | solution) | |
ac7bfa62 YH |
2397 | |
2398 | POSIX 1003.1g does not actually define this clearly | |
2399 | at all. POSIX 1003.1g doesn't define a lot of things | |
2400 | clearly however! | |
2401 | ||
1da177e4 | 2402 | */ |
f55bb7f9 PE |
2403 | |
2404 | sk_peek_offset_fwd(sk, size); | |
2405 | ||
1da177e4 | 2406 | if (UNIXCB(skb).fp) |
cbcf0112 | 2407 | unix_peek_fds(&scm, skb); |
1da177e4 | 2408 | } |
9f6f9af7 | 2409 | err = (flags & MSG_TRUNC) ? skb->len - skip : size; |
1da177e4 | 2410 | |
7cc05662 | 2411 | scm_recv(sock, msg, &scm, flags); |
1da177e4 LT |
2412 | |
2413 | out_free: | |
6eba6a37 | 2414 | skb_free_datagram(sk, skb); |
6e1ce3c3 | 2415 | mutex_unlock(&u->iolock); |
1da177e4 LT |
2416 | out: |
2417 | return err; | |
2418 | } | |
29df44fa | 2419 | |
9825d866 CW |
2420 | static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, |
2421 | int flags) | |
2422 | { | |
2423 | struct sock *sk = sock->sk; | |
2424 | ||
2425 | #ifdef CONFIG_BPF_SYSCALL | |
94531cfc JW |
2426 | const struct proto *prot = READ_ONCE(sk->sk_prot); |
2427 | ||
2428 | if (prot != &unix_dgram_proto) | |
2429 | return prot->recvmsg(sk, msg, size, flags & MSG_DONTWAIT, | |
9825d866 CW |
2430 | flags & ~MSG_DONTWAIT, NULL); |
2431 | #endif | |
2432 | return __unix_dgram_recvmsg(sk, msg, size, flags); | |
2433 | } | |
2434 | ||
29df44fa CW |
2435 | static int unix_read_sock(struct sock *sk, read_descriptor_t *desc, |
2436 | sk_read_actor_t recv_actor) | |
2437 | { | |
2438 | int copied = 0; | |
2439 | ||
2440 | while (1) { | |
2441 | struct unix_sock *u = unix_sk(sk); | |
2442 | struct sk_buff *skb; | |
2443 | int used, err; | |
2444 | ||
2445 | mutex_lock(&u->iolock); | |
2446 | skb = skb_recv_datagram(sk, 0, 1, &err); | |
2447 | mutex_unlock(&u->iolock); | |
2448 | if (!skb) | |
2449 | return err; | |
2450 | ||
2451 | used = recv_actor(desc, skb, 0, skb->len); | |
2452 | if (used <= 0) { | |
2453 | if (!copied) | |
2454 | copied = used; | |
2455 | kfree_skb(skb); | |
2456 | break; | |
2457 | } else if (used <= skb->len) { | |
2458 | copied += used; | |
2459 | } | |
2460 | ||
2461 | kfree_skb(skb); | |
2462 | if (!desc->count) | |
2463 | break; | |
2464 | } | |
2465 | ||
2466 | return copied; | |
2467 | } | |
1da177e4 LT |
2468 | |
2469 | /* | |
79f632c7 | 2470 | * Sleep until more data has arrived. But check for races.. |
1da177e4 | 2471 | */ |
79f632c7 | 2472 | static long unix_stream_data_wait(struct sock *sk, long timeo, |
06a77b07 WC |
2473 | struct sk_buff *last, unsigned int last_len, |
2474 | bool freezable) | |
1da177e4 | 2475 | { |
2b514574 | 2476 | struct sk_buff *tail; |
1da177e4 LT |
2477 | DEFINE_WAIT(wait); |
2478 | ||
1c92b4e5 | 2479 | unix_state_lock(sk); |
1da177e4 LT |
2480 | |
2481 | for (;;) { | |
aa395145 | 2482 | prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); |
1da177e4 | 2483 | |
2b514574 HFS |
2484 | tail = skb_peek_tail(&sk->sk_receive_queue); |
2485 | if (tail != last || | |
2486 | (tail && tail->len != last_len) || | |
1da177e4 LT |
2487 | sk->sk_err || |
2488 | (sk->sk_shutdown & RCV_SHUTDOWN) || | |
2489 | signal_pending(current) || | |
2490 | !timeo) | |
2491 | break; | |
2492 | ||
9cd3e072 | 2493 | sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); |
1c92b4e5 | 2494 | unix_state_unlock(sk); |
06a77b07 WC |
2495 | if (freezable) |
2496 | timeo = freezable_schedule_timeout(timeo); | |
2497 | else | |
2498 | timeo = schedule_timeout(timeo); | |
1c92b4e5 | 2499 | unix_state_lock(sk); |
b48732e4 MS |
2500 | |
2501 | if (sock_flag(sk, SOCK_DEAD)) | |
2502 | break; | |
2503 | ||
9cd3e072 | 2504 | sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); |
1da177e4 LT |
2505 | } |
2506 | ||
aa395145 | 2507 | finish_wait(sk_sleep(sk), &wait); |
1c92b4e5 | 2508 | unix_state_unlock(sk); |
1da177e4 LT |
2509 | return timeo; |
2510 | } | |
2511 | ||
e370a723 ED |
2512 | static unsigned int unix_skb_len(const struct sk_buff *skb) |
2513 | { | |
2514 | return skb->len - UNIXCB(skb).consumed; | |
2515 | } | |
2516 | ||
2b514574 HFS |
2517 | struct unix_stream_read_state { |
2518 | int (*recv_actor)(struct sk_buff *, int, int, | |
2519 | struct unix_stream_read_state *); | |
2520 | struct socket *socket; | |
2521 | struct msghdr *msg; | |
2522 | struct pipe_inode_info *pipe; | |
2523 | size_t size; | |
2524 | int flags; | |
2525 | unsigned int splice_flags; | |
2526 | }; | |
2527 | ||
314001f0 RS |
2528 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
2529 | static int unix_stream_recv_urg(struct unix_stream_read_state *state) | |
2530 | { | |
2531 | struct socket *sock = state->socket; | |
2532 | struct sock *sk = sock->sk; | |
2533 | struct unix_sock *u = unix_sk(sk); | |
2534 | int chunk = 1; | |
876c14ad | 2535 | struct sk_buff *oob_skb; |
314001f0 | 2536 | |
876c14ad RS |
2537 | mutex_lock(&u->iolock); |
2538 | unix_state_lock(sk); | |
2539 | ||
2540 | if (sock_flag(sk, SOCK_URGINLINE) || !u->oob_skb) { | |
2541 | unix_state_unlock(sk); | |
2542 | mutex_unlock(&u->iolock); | |
314001f0 | 2543 | return -EINVAL; |
876c14ad | 2544 | } |
314001f0 | 2545 | |
876c14ad | 2546 | oob_skb = u->oob_skb; |
314001f0 RS |
2547 | |
2548 | if (!(state->flags & MSG_PEEK)) { | |
314001f0 RS |
2549 | u->oob_skb = NULL; |
2550 | } | |
876c14ad RS |
2551 | |
2552 | unix_state_unlock(sk); | |
2553 | ||
2554 | chunk = state->recv_actor(oob_skb, 0, chunk, state); | |
2555 | ||
2556 | if (!(state->flags & MSG_PEEK)) { | |
2557 | UNIXCB(oob_skb).consumed += 1; | |
2558 | kfree_skb(oob_skb); | |
2559 | } | |
2560 | ||
2561 | mutex_unlock(&u->iolock); | |
2562 | ||
2563 | if (chunk < 0) | |
2564 | return -EFAULT; | |
2565 | ||
314001f0 RS |
2566 | state->msg->msg_flags |= MSG_OOB; |
2567 | return 1; | |
2568 | } | |
2569 | ||
2570 | static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, | |
2571 | int flags, int copied) | |
2572 | { | |
2573 | struct unix_sock *u = unix_sk(sk); | |
2574 | ||
2575 | if (!unix_skb_len(skb) && !(flags & MSG_PEEK)) { | |
2576 | skb_unlink(skb, &sk->sk_receive_queue); | |
2577 | consume_skb(skb); | |
2578 | skb = NULL; | |
2579 | } else { | |
2580 | if (skb == u->oob_skb) { | |
2581 | if (copied) { | |
2582 | skb = NULL; | |
2583 | } else if (sock_flag(sk, SOCK_URGINLINE)) { | |
2584 | if (!(flags & MSG_PEEK)) { | |
2585 | u->oob_skb = NULL; | |
2586 | consume_skb(skb); | |
2587 | } | |
2588 | } else if (!(flags & MSG_PEEK)) { | |
2589 | skb_unlink(skb, &sk->sk_receive_queue); | |
2590 | consume_skb(skb); | |
2591 | skb = skb_peek(&sk->sk_receive_queue); | |
2592 | } | |
2593 | } | |
2594 | } | |
2595 | return skb; | |
2596 | } | |
2597 | #endif | |
2598 | ||
77462de1 JW |
2599 | static int unix_stream_read_sock(struct sock *sk, read_descriptor_t *desc, |
2600 | sk_read_actor_t recv_actor) | |
2601 | { | |
2602 | if (unlikely(sk->sk_state != TCP_ESTABLISHED)) | |
2603 | return -ENOTCONN; | |
2604 | ||
2605 | return unix_read_sock(sk, desc, recv_actor); | |
2606 | } | |
2607 | ||
06a77b07 WC |
2608 | static int unix_stream_read_generic(struct unix_stream_read_state *state, |
2609 | bool freezable) | |
1da177e4 | 2610 | { |
7cc05662 | 2611 | struct scm_cookie scm; |
2b514574 | 2612 | struct socket *sock = state->socket; |
1da177e4 LT |
2613 | struct sock *sk = sock->sk; |
2614 | struct unix_sock *u = unix_sk(sk); | |
1da177e4 | 2615 | int copied = 0; |
2b514574 | 2616 | int flags = state->flags; |
de144391 | 2617 | int noblock = flags & MSG_DONTWAIT; |
2b514574 | 2618 | bool check_creds = false; |
1da177e4 LT |
2619 | int target; |
2620 | int err = 0; | |
2621 | long timeo; | |
fc0d7536 | 2622 | int skip; |
2b514574 HFS |
2623 | size_t size = state->size; |
2624 | unsigned int last_len; | |
1da177e4 | 2625 | |
1b92ee3d RW |
2626 | if (unlikely(sk->sk_state != TCP_ESTABLISHED)) { |
2627 | err = -EINVAL; | |
1da177e4 | 2628 | goto out; |
1b92ee3d | 2629 | } |
1da177e4 | 2630 | |
1b92ee3d RW |
2631 | if (unlikely(flags & MSG_OOB)) { |
2632 | err = -EOPNOTSUPP; | |
314001f0 | 2633 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
314001f0 | 2634 | err = unix_stream_recv_urg(state); |
314001f0 | 2635 | #endif |
1da177e4 | 2636 | goto out; |
1b92ee3d | 2637 | } |
1da177e4 | 2638 | |
2b514574 | 2639 | target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); |
de144391 | 2640 | timeo = sock_rcvtimeo(sk, noblock); |
1da177e4 | 2641 | |
2b514574 HFS |
2642 | memset(&scm, 0, sizeof(scm)); |
2643 | ||
1da177e4 LT |
2644 | /* Lock the socket to prevent queue disordering |
2645 | * while sleeps in memcpy_tomsg | |
2646 | */ | |
6e1ce3c3 | 2647 | mutex_lock(&u->iolock); |
1da177e4 | 2648 | |
a0917e0b | 2649 | skip = max(sk_peek_offset(sk, flags), 0); |
e9193d60 | 2650 | |
6eba6a37 | 2651 | do { |
1da177e4 | 2652 | int chunk; |
73ed5d25 | 2653 | bool drop_skb; |
79f632c7 | 2654 | struct sk_buff *skb, *last; |
1da177e4 | 2655 | |
18eceb81 | 2656 | redo: |
3c0d2f37 | 2657 | unix_state_lock(sk); |
b48732e4 MS |
2658 | if (sock_flag(sk, SOCK_DEAD)) { |
2659 | err = -ECONNRESET; | |
2660 | goto unlock; | |
2661 | } | |
79f632c7 | 2662 | last = skb = skb_peek(&sk->sk_receive_queue); |
2b514574 | 2663 | last_len = last ? last->len : 0; |
314001f0 RS |
2664 | |
2665 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) | |
2666 | if (skb) { | |
2667 | skb = manage_oob(skb, sk, flags, copied); | |
2668 | if (!skb) { | |
2669 | unix_state_unlock(sk); | |
2670 | if (copied) | |
2671 | break; | |
2672 | goto redo; | |
2673 | } | |
2674 | } | |
2675 | #endif | |
fc0d7536 | 2676 | again: |
6eba6a37 | 2677 | if (skb == NULL) { |
1da177e4 | 2678 | if (copied >= target) |
3c0d2f37 | 2679 | goto unlock; |
1da177e4 LT |
2680 | |
2681 | /* | |
2682 | * POSIX 1003.1g mandates this order. | |
2683 | */ | |
ac7bfa62 | 2684 | |
6eba6a37 ED |
2685 | err = sock_error(sk); |
2686 | if (err) | |
3c0d2f37 | 2687 | goto unlock; |
1da177e4 | 2688 | if (sk->sk_shutdown & RCV_SHUTDOWN) |
3c0d2f37 MS |
2689 | goto unlock; |
2690 | ||
2691 | unix_state_unlock(sk); | |
1b92ee3d RW |
2692 | if (!timeo) { |
2693 | err = -EAGAIN; | |
1da177e4 | 2694 | break; |
1b92ee3d RW |
2695 | } |
2696 | ||
6e1ce3c3 | 2697 | mutex_unlock(&u->iolock); |
1da177e4 | 2698 | |
2b514574 | 2699 | timeo = unix_stream_data_wait(sk, timeo, last, |
06a77b07 | 2700 | last_len, freezable); |
1da177e4 | 2701 | |
3822b5c2 | 2702 | if (signal_pending(current)) { |
1da177e4 | 2703 | err = sock_intr_errno(timeo); |
fa0dc04d | 2704 | scm_destroy(&scm); |
1da177e4 LT |
2705 | goto out; |
2706 | } | |
b3ca9b02 | 2707 | |
6e1ce3c3 | 2708 | mutex_lock(&u->iolock); |
18eceb81 | 2709 | goto redo; |
2b514574 | 2710 | unlock: |
3c0d2f37 MS |
2711 | unix_state_unlock(sk); |
2712 | break; | |
1da177e4 | 2713 | } |
fc0d7536 | 2714 | |
e370a723 ED |
2715 | while (skip >= unix_skb_len(skb)) { |
2716 | skip -= unix_skb_len(skb); | |
79f632c7 | 2717 | last = skb; |
2b514574 | 2718 | last_len = skb->len; |
fc0d7536 | 2719 | skb = skb_peek_next(skb, &sk->sk_receive_queue); |
79f632c7 BP |
2720 | if (!skb) |
2721 | goto again; | |
fc0d7536 PE |
2722 | } |
2723 | ||
3c0d2f37 | 2724 | unix_state_unlock(sk); |
1da177e4 LT |
2725 | |
2726 | if (check_creds) { | |
2727 | /* Never glue messages from different writers */ | |
9490f886 | 2728 | if (!unix_skb_scm_eq(skb, &scm)) |
1da177e4 | 2729 | break; |
0e82e7f6 | 2730 | } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { |
1da177e4 | 2731 | /* Copy credentials */ |
7cc05662 | 2732 | scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); |
37a9a8df | 2733 | unix_set_secdata(&scm, skb); |
2b514574 | 2734 | check_creds = true; |
1da177e4 LT |
2735 | } |
2736 | ||
2737 | /* Copy address just once */ | |
2b514574 HFS |
2738 | if (state->msg && state->msg->msg_name) { |
2739 | DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, | |
2740 | state->msg->msg_name); | |
2741 | unix_copy_addr(state->msg, skb->sk); | |
1da177e4 LT |
2742 | sunaddr = NULL; |
2743 | } | |
2744 | ||
e370a723 | 2745 | chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); |
73ed5d25 | 2746 | skb_get(skb); |
2b514574 | 2747 | chunk = state->recv_actor(skb, skip, chunk, state); |
73ed5d25 HFS |
2748 | drop_skb = !unix_skb_len(skb); |
2749 | /* skb is only safe to use if !drop_skb */ | |
2750 | consume_skb(skb); | |
2b514574 | 2751 | if (chunk < 0) { |
1da177e4 LT |
2752 | if (copied == 0) |
2753 | copied = -EFAULT; | |
2754 | break; | |
2755 | } | |
2756 | copied += chunk; | |
2757 | size -= chunk; | |
2758 | ||
73ed5d25 HFS |
2759 | if (drop_skb) { |
2760 | /* the skb was touched by a concurrent reader; | |
2761 | * we should not expect anything from this skb | |
2762 | * anymore and assume it invalid - we can be | |
2763 | * sure it was dropped from the socket queue | |
2764 | * | |
2765 | * let's report a short read | |
2766 | */ | |
2767 | err = 0; | |
2768 | break; | |
2769 | } | |
2770 | ||
1da177e4 | 2771 | /* Mark read part of skb as used */ |
6eba6a37 | 2772 | if (!(flags & MSG_PEEK)) { |
e370a723 | 2773 | UNIXCB(skb).consumed += chunk; |
1da177e4 | 2774 | |
fc0d7536 PE |
2775 | sk_peek_offset_bwd(sk, chunk); |
2776 | ||
3c32da19 | 2777 | if (UNIXCB(skb).fp) { |
3c32da19 | 2778 | scm_stat_del(sk, skb); |
7cc05662 | 2779 | unix_detach_fds(&scm, skb); |
3c32da19 | 2780 | } |
1da177e4 | 2781 | |
e370a723 | 2782 | if (unix_skb_len(skb)) |
1da177e4 | 2783 | break; |
1da177e4 | 2784 | |
6f01fd6e | 2785 | skb_unlink(skb, &sk->sk_receive_queue); |
70d4bf6d | 2786 | consume_skb(skb); |
1da177e4 | 2787 | |
7cc05662 | 2788 | if (scm.fp) |
1da177e4 | 2789 | break; |
6eba6a37 | 2790 | } else { |
1da177e4 LT |
2791 | /* It is questionable, see note in unix_dgram_recvmsg. |
2792 | */ | |
2793 | if (UNIXCB(skb).fp) | |
cbcf0112 | 2794 | unix_peek_fds(&scm, skb); |
1da177e4 | 2795 | |
e9193d60 | 2796 | sk_peek_offset_fwd(sk, chunk); |
fc0d7536 | 2797 | |
9f389e35 AC |
2798 | if (UNIXCB(skb).fp) |
2799 | break; | |
2800 | ||
e9193d60 | 2801 | skip = 0; |
9f389e35 AC |
2802 | last = skb; |
2803 | last_len = skb->len; | |
2804 | unix_state_lock(sk); | |
2805 | skb = skb_peek_next(skb, &sk->sk_receive_queue); | |
2806 | if (skb) | |
2807 | goto again; | |
2808 | unix_state_unlock(sk); | |
1da177e4 LT |
2809 | break; |
2810 | } | |
2811 | } while (size); | |
2812 | ||
6e1ce3c3 | 2813 | mutex_unlock(&u->iolock); |
2b514574 HFS |
2814 | if (state->msg) |
2815 | scm_recv(sock, state->msg, &scm, flags); | |
2816 | else | |
2817 | scm_destroy(&scm); | |
1da177e4 LT |
2818 | out: |
2819 | return copied ? : err; | |
2820 | } | |
2821 | ||
2b514574 HFS |
2822 | static int unix_stream_read_actor(struct sk_buff *skb, |
2823 | int skip, int chunk, | |
2824 | struct unix_stream_read_state *state) | |
2825 | { | |
2826 | int ret; | |
2827 | ||
2828 | ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip, | |
2829 | state->msg, chunk); | |
2830 | return ret ?: chunk; | |
2831 | } | |
2832 | ||
94531cfc JW |
2833 | int __unix_stream_recvmsg(struct sock *sk, struct msghdr *msg, |
2834 | size_t size, int flags) | |
2835 | { | |
2836 | struct unix_stream_read_state state = { | |
2837 | .recv_actor = unix_stream_read_actor, | |
2838 | .socket = sk->sk_socket, | |
2839 | .msg = msg, | |
2840 | .size = size, | |
2841 | .flags = flags | |
2842 | }; | |
2843 | ||
2844 | return unix_stream_read_generic(&state, true); | |
2845 | } | |
2846 | ||
2b514574 HFS |
2847 | static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg, |
2848 | size_t size, int flags) | |
2849 | { | |
2850 | struct unix_stream_read_state state = { | |
2851 | .recv_actor = unix_stream_read_actor, | |
2852 | .socket = sock, | |
2853 | .msg = msg, | |
2854 | .size = size, | |
2855 | .flags = flags | |
2856 | }; | |
2857 | ||
94531cfc JW |
2858 | #ifdef CONFIG_BPF_SYSCALL |
2859 | struct sock *sk = sock->sk; | |
2860 | const struct proto *prot = READ_ONCE(sk->sk_prot); | |
2861 | ||
2862 | if (prot != &unix_stream_proto) | |
2863 | return prot->recvmsg(sk, msg, size, flags & MSG_DONTWAIT, | |
2864 | flags & ~MSG_DONTWAIT, NULL); | |
2865 | #endif | |
06a77b07 | 2866 | return unix_stream_read_generic(&state, true); |
2b514574 HFS |
2867 | } |
2868 | ||
2b514574 HFS |
2869 | static int unix_stream_splice_actor(struct sk_buff *skb, |
2870 | int skip, int chunk, | |
2871 | struct unix_stream_read_state *state) | |
2872 | { | |
2873 | return skb_splice_bits(skb, state->socket->sk, | |
2874 | UNIXCB(skb).consumed + skip, | |
25869262 | 2875 | state->pipe, chunk, state->splice_flags); |
2b514574 HFS |
2876 | } |
2877 | ||
2878 | static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos, | |
2879 | struct pipe_inode_info *pipe, | |
2880 | size_t size, unsigned int flags) | |
2881 | { | |
2882 | struct unix_stream_read_state state = { | |
2883 | .recv_actor = unix_stream_splice_actor, | |
2884 | .socket = sock, | |
2885 | .pipe = pipe, | |
2886 | .size = size, | |
2887 | .splice_flags = flags, | |
2888 | }; | |
2889 | ||
2890 | if (unlikely(*ppos)) | |
2891 | return -ESPIPE; | |
2892 | ||
2893 | if (sock->file->f_flags & O_NONBLOCK || | |
2894 | flags & SPLICE_F_NONBLOCK) | |
2895 | state.flags = MSG_DONTWAIT; | |
2896 | ||
06a77b07 | 2897 | return unix_stream_read_generic(&state, false); |
2b514574 HFS |
2898 | } |
2899 | ||
1da177e4 LT |
2900 | static int unix_shutdown(struct socket *sock, int mode) |
2901 | { | |
2902 | struct sock *sk = sock->sk; | |
2903 | struct sock *other; | |
2904 | ||
fc61b928 XW |
2905 | if (mode < SHUT_RD || mode > SHUT_RDWR) |
2906 | return -EINVAL; | |
2907 | /* This maps: | |
2908 | * SHUT_RD (0) -> RCV_SHUTDOWN (1) | |
2909 | * SHUT_WR (1) -> SEND_SHUTDOWN (2) | |
2910 | * SHUT_RDWR (2) -> SHUTDOWN_MASK (3) | |
2911 | */ | |
2912 | ++mode; | |
7180a031 AC |
2913 | |
2914 | unix_state_lock(sk); | |
2915 | sk->sk_shutdown |= mode; | |
2916 | other = unix_peer(sk); | |
2917 | if (other) | |
2918 | sock_hold(other); | |
2919 | unix_state_unlock(sk); | |
2920 | sk->sk_state_change(sk); | |
2921 | ||
2922 | if (other && | |
2923 | (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) { | |
2924 | ||
2925 | int peer_mode = 0; | |
94531cfc | 2926 | const struct proto *prot = READ_ONCE(other->sk_prot); |
7180a031 | 2927 | |
d359902d JW |
2928 | if (prot->unhash) |
2929 | prot->unhash(other); | |
7180a031 AC |
2930 | if (mode&RCV_SHUTDOWN) |
2931 | peer_mode |= SEND_SHUTDOWN; | |
2932 | if (mode&SEND_SHUTDOWN) | |
2933 | peer_mode |= RCV_SHUTDOWN; | |
2934 | unix_state_lock(other); | |
2935 | other->sk_shutdown |= peer_mode; | |
2936 | unix_state_unlock(other); | |
2937 | other->sk_state_change(other); | |
d0c6416b | 2938 | if (peer_mode == SHUTDOWN_MASK) |
7180a031 | 2939 | sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP); |
d0c6416b | 2940 | else if (peer_mode & RCV_SHUTDOWN) |
7180a031 | 2941 | sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN); |
1da177e4 | 2942 | } |
7180a031 AC |
2943 | if (other) |
2944 | sock_put(other); | |
2945 | ||
1da177e4 LT |
2946 | return 0; |
2947 | } | |
2948 | ||
885ee74d PE |
2949 | long unix_inq_len(struct sock *sk) |
2950 | { | |
2951 | struct sk_buff *skb; | |
2952 | long amount = 0; | |
2953 | ||
2954 | if (sk->sk_state == TCP_LISTEN) | |
2955 | return -EINVAL; | |
2956 | ||
2957 | spin_lock(&sk->sk_receive_queue.lock); | |
2958 | if (sk->sk_type == SOCK_STREAM || | |
2959 | sk->sk_type == SOCK_SEQPACKET) { | |
2960 | skb_queue_walk(&sk->sk_receive_queue, skb) | |
e370a723 | 2961 | amount += unix_skb_len(skb); |
885ee74d PE |
2962 | } else { |
2963 | skb = skb_peek(&sk->sk_receive_queue); | |
2964 | if (skb) | |
2965 | amount = skb->len; | |
2966 | } | |
2967 | spin_unlock(&sk->sk_receive_queue.lock); | |
2968 | ||
2969 | return amount; | |
2970 | } | |
2971 | EXPORT_SYMBOL_GPL(unix_inq_len); | |
2972 | ||
2973 | long unix_outq_len(struct sock *sk) | |
2974 | { | |
2975 | return sk_wmem_alloc_get(sk); | |
2976 | } | |
2977 | EXPORT_SYMBOL_GPL(unix_outq_len); | |
2978 | ||
ba94f308 AV |
2979 | static int unix_open_file(struct sock *sk) |
2980 | { | |
2981 | struct path path; | |
2982 | struct file *f; | |
2983 | int fd; | |
2984 | ||
2985 | if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) | |
2986 | return -EPERM; | |
2987 | ||
ae3b5641 AV |
2988 | if (!smp_load_acquire(&unix_sk(sk)->addr)) |
2989 | return -ENOENT; | |
2990 | ||
ba94f308 | 2991 | path = unix_sk(sk)->path; |
ae3b5641 | 2992 | if (!path.dentry) |
ba94f308 | 2993 | return -ENOENT; |
ba94f308 AV |
2994 | |
2995 | path_get(&path); | |
ba94f308 AV |
2996 | |
2997 | fd = get_unused_fd_flags(O_CLOEXEC); | |
2998 | if (fd < 0) | |
2999 | goto out; | |
3000 | ||
3001 | f = dentry_open(&path, O_PATH, current_cred()); | |
3002 | if (IS_ERR(f)) { | |
3003 | put_unused_fd(fd); | |
3004 | fd = PTR_ERR(f); | |
3005 | goto out; | |
3006 | } | |
3007 | ||
3008 | fd_install(fd, f); | |
3009 | out: | |
3010 | path_put(&path); | |
3011 | ||
3012 | return fd; | |
3013 | } | |
3014 | ||
1da177e4 LT |
3015 | static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
3016 | { | |
3017 | struct sock *sk = sock->sk; | |
e27dfcea | 3018 | long amount = 0; |
1da177e4 LT |
3019 | int err; |
3020 | ||
6eba6a37 ED |
3021 | switch (cmd) { |
3022 | case SIOCOUTQ: | |
885ee74d | 3023 | amount = unix_outq_len(sk); |
6eba6a37 ED |
3024 | err = put_user(amount, (int __user *)arg); |
3025 | break; | |
3026 | case SIOCINQ: | |
885ee74d PE |
3027 | amount = unix_inq_len(sk); |
3028 | if (amount < 0) | |
3029 | err = amount; | |
3030 | else | |
1da177e4 | 3031 | err = put_user(amount, (int __user *)arg); |
885ee74d | 3032 | break; |
ba94f308 AV |
3033 | case SIOCUNIXFILE: |
3034 | err = unix_open_file(sk); | |
3035 | break; | |
314001f0 RS |
3036 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
3037 | case SIOCATMARK: | |
3038 | { | |
3039 | struct sk_buff *skb; | |
3040 | struct unix_sock *u = unix_sk(sk); | |
3041 | int answ = 0; | |
3042 | ||
3043 | skb = skb_peek(&sk->sk_receive_queue); | |
3044 | if (skb && skb == u->oob_skb) | |
3045 | answ = 1; | |
3046 | err = put_user(answ, (int __user *)arg); | |
3047 | } | |
3048 | break; | |
3049 | #endif | |
6eba6a37 ED |
3050 | default: |
3051 | err = -ENOIOCTLCMD; | |
3052 | break; | |
1da177e4 LT |
3053 | } |
3054 | return err; | |
3055 | } | |
3056 | ||
5f6beb9e AB |
3057 | #ifdef CONFIG_COMPAT |
3058 | static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) | |
3059 | { | |
3060 | return unix_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); | |
3061 | } | |
3062 | #endif | |
3063 | ||
a11e1d43 | 3064 | static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait) |
1da177e4 LT |
3065 | { |
3066 | struct sock *sk = sock->sk; | |
a11e1d43 LT |
3067 | __poll_t mask; |
3068 | ||
89ab066d | 3069 | sock_poll_wait(file, sock, wait); |
a11e1d43 | 3070 | mask = 0; |
1da177e4 LT |
3071 | |
3072 | /* exceptional events? */ | |
3073 | if (sk->sk_err) | |
a9a08845 | 3074 | mask |= EPOLLERR; |
1da177e4 | 3075 | if (sk->sk_shutdown == SHUTDOWN_MASK) |
a9a08845 | 3076 | mask |= EPOLLHUP; |
f348d70a | 3077 | if (sk->sk_shutdown & RCV_SHUTDOWN) |
a9a08845 | 3078 | mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM; |
1da177e4 LT |
3079 | |
3080 | /* readable? */ | |
3ef7cf57 | 3081 | if (!skb_queue_empty_lockless(&sk->sk_receive_queue)) |
a9a08845 | 3082 | mask |= EPOLLIN | EPOLLRDNORM; |
af493388 CW |
3083 | if (sk_is_readable(sk)) |
3084 | mask |= EPOLLIN | EPOLLRDNORM; | |
1da177e4 LT |
3085 | |
3086 | /* Connection-based need to check for termination and startup */ | |
6eba6a37 ED |
3087 | if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) && |
3088 | sk->sk_state == TCP_CLOSE) | |
a9a08845 | 3089 | mask |= EPOLLHUP; |
1da177e4 LT |
3090 | |
3091 | /* | |
3092 | * we set writable also when the other side has shut down the | |
3093 | * connection. This prevents stuck sockets. | |
3094 | */ | |
3095 | if (unix_writable(sk)) | |
a9a08845 | 3096 | mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND; |
1da177e4 LT |
3097 | |
3098 | return mask; | |
3099 | } | |
3100 | ||
a11e1d43 LT |
3101 | static __poll_t unix_dgram_poll(struct file *file, struct socket *sock, |
3102 | poll_table *wait) | |
3c73419c | 3103 | { |
ec0d215f | 3104 | struct sock *sk = sock->sk, *other; |
a11e1d43 LT |
3105 | unsigned int writable; |
3106 | __poll_t mask; | |
3107 | ||
89ab066d | 3108 | sock_poll_wait(file, sock, wait); |
a11e1d43 | 3109 | mask = 0; |
3c73419c RW |
3110 | |
3111 | /* exceptional events? */ | |
3ef7cf57 | 3112 | if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue)) |
a9a08845 LT |
3113 | mask |= EPOLLERR | |
3114 | (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0); | |
7d4c04fc | 3115 | |
3c73419c | 3116 | if (sk->sk_shutdown & RCV_SHUTDOWN) |
a9a08845 | 3117 | mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM; |
3c73419c | 3118 | if (sk->sk_shutdown == SHUTDOWN_MASK) |
a9a08845 | 3119 | mask |= EPOLLHUP; |
3c73419c RW |
3120 | |
3121 | /* readable? */ | |
3ef7cf57 | 3122 | if (!skb_queue_empty_lockless(&sk->sk_receive_queue)) |
a9a08845 | 3123 | mask |= EPOLLIN | EPOLLRDNORM; |
af493388 CW |
3124 | if (sk_is_readable(sk)) |
3125 | mask |= EPOLLIN | EPOLLRDNORM; | |
3c73419c RW |
3126 | |
3127 | /* Connection-based need to check for termination and startup */ | |
3128 | if (sk->sk_type == SOCK_SEQPACKET) { | |
3129 | if (sk->sk_state == TCP_CLOSE) | |
a9a08845 | 3130 | mask |= EPOLLHUP; |
3c73419c RW |
3131 | /* connection hasn't started yet? */ |
3132 | if (sk->sk_state == TCP_SYN_SENT) | |
3133 | return mask; | |
3134 | } | |
3135 | ||
973a34aa | 3136 | /* No write status requested, avoid expensive OUT tests. */ |
a11e1d43 | 3137 | if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT))) |
973a34aa ED |
3138 | return mask; |
3139 | ||
ec0d215f | 3140 | writable = unix_writable(sk); |
7d267278 RW |
3141 | if (writable) { |
3142 | unix_state_lock(sk); | |
3143 | ||
3144 | other = unix_peer(sk); | |
3145 | if (other && unix_peer(other) != sk && | |
04f08eb4 | 3146 | unix_recvq_full_lockless(other) && |
7d267278 RW |
3147 | unix_dgram_peer_wake_me(sk, other)) |
3148 | writable = 0; | |
3149 | ||
3150 | unix_state_unlock(sk); | |
ec0d215f RW |
3151 | } |
3152 | ||
3153 | if (writable) | |
a9a08845 | 3154 | mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND; |
3c73419c | 3155 | else |
9cd3e072 | 3156 | sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); |
3c73419c | 3157 | |
3c73419c RW |
3158 | return mask; |
3159 | } | |
1da177e4 LT |
3160 | |
3161 | #ifdef CONFIG_PROC_FS | |
a53eb3fe | 3162 | |
7123aaa3 ED |
3163 | #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1) |
3164 | ||
3165 | #define get_bucket(x) ((x) >> BUCKET_SPACE) | |
3166 | #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1)) | |
3167 | #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o)) | |
a53eb3fe | 3168 | |
7123aaa3 | 3169 | static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos) |
1da177e4 | 3170 | { |
7123aaa3 ED |
3171 | unsigned long offset = get_offset(*pos); |
3172 | unsigned long bucket = get_bucket(*pos); | |
3173 | struct sock *sk; | |
3174 | unsigned long count = 0; | |
1da177e4 | 3175 | |
7123aaa3 ED |
3176 | for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) { |
3177 | if (sock_net(sk) != seq_file_net(seq)) | |
097e66c5 | 3178 | continue; |
7123aaa3 ED |
3179 | if (++count == offset) |
3180 | break; | |
3181 | } | |
3182 | ||
3183 | return sk; | |
3184 | } | |
3185 | ||
3186 | static struct sock *unix_next_socket(struct seq_file *seq, | |
3187 | struct sock *sk, | |
3188 | loff_t *pos) | |
3189 | { | |
3190 | unsigned long bucket; | |
3191 | ||
3192 | while (sk > (struct sock *)SEQ_START_TOKEN) { | |
3193 | sk = sk_next(sk); | |
3194 | if (!sk) | |
3195 | goto next_bucket; | |
3196 | if (sock_net(sk) == seq_file_net(seq)) | |
3197 | return sk; | |
1da177e4 | 3198 | } |
7123aaa3 ED |
3199 | |
3200 | do { | |
3201 | sk = unix_from_bucket(seq, pos); | |
3202 | if (sk) | |
3203 | return sk; | |
3204 | ||
3205 | next_bucket: | |
3206 | bucket = get_bucket(*pos) + 1; | |
3207 | *pos = set_bucket_offset(bucket, 1); | |
3208 | } while (bucket < ARRAY_SIZE(unix_socket_table)); | |
3209 | ||
1da177e4 LT |
3210 | return NULL; |
3211 | } | |
3212 | ||
1da177e4 | 3213 | static void *unix_seq_start(struct seq_file *seq, loff_t *pos) |
9a429c49 | 3214 | __acquires(unix_table_lock) |
1da177e4 | 3215 | { |
fbe9cc4a | 3216 | spin_lock(&unix_table_lock); |
7123aaa3 ED |
3217 | |
3218 | if (!*pos) | |
3219 | return SEQ_START_TOKEN; | |
3220 | ||
3221 | if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table)) | |
3222 | return NULL; | |
3223 | ||
3224 | return unix_next_socket(seq, NULL, pos); | |
1da177e4 LT |
3225 | } |
3226 | ||
3227 | static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos) | |
3228 | { | |
3229 | ++*pos; | |
7123aaa3 | 3230 | return unix_next_socket(seq, v, pos); |
1da177e4 LT |
3231 | } |
3232 | ||
3233 | static void unix_seq_stop(struct seq_file *seq, void *v) | |
9a429c49 | 3234 | __releases(unix_table_lock) |
1da177e4 | 3235 | { |
fbe9cc4a | 3236 | spin_unlock(&unix_table_lock); |
1da177e4 LT |
3237 | } |
3238 | ||
3239 | static int unix_seq_show(struct seq_file *seq, void *v) | |
3240 | { | |
ac7bfa62 | 3241 | |
b9f3124f | 3242 | if (v == SEQ_START_TOKEN) |
1da177e4 LT |
3243 | seq_puts(seq, "Num RefCount Protocol Flags Type St " |
3244 | "Inode Path\n"); | |
3245 | else { | |
3246 | struct sock *s = v; | |
3247 | struct unix_sock *u = unix_sk(s); | |
1c92b4e5 | 3248 | unix_state_lock(s); |
1da177e4 | 3249 | |
71338aa7 | 3250 | seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", |
1da177e4 | 3251 | s, |
41c6d650 | 3252 | refcount_read(&s->sk_refcnt), |
1da177e4 LT |
3253 | 0, |
3254 | s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0, | |
3255 | s->sk_type, | |
3256 | s->sk_socket ? | |
3257 | (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) : | |
3258 | (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING), | |
3259 | sock_i_ino(s)); | |
3260 | ||
ae3b5641 | 3261 | if (u->addr) { // under unix_table_lock here |
1da177e4 LT |
3262 | int i, len; |
3263 | seq_putc(seq, ' '); | |
3264 | ||
3265 | i = 0; | |
755662ce KI |
3266 | len = u->addr->len - |
3267 | offsetof(struct sockaddr_un, sun_path); | |
1da177e4 LT |
3268 | if (!UNIX_ABSTRACT(s)) |
3269 | len--; | |
3270 | else { | |
3271 | seq_putc(seq, '@'); | |
3272 | i++; | |
3273 | } | |
3274 | for ( ; i < len; i++) | |
e7947ea7 IB |
3275 | seq_putc(seq, u->addr->name->sun_path[i] ?: |
3276 | '@'); | |
1da177e4 | 3277 | } |
1c92b4e5 | 3278 | unix_state_unlock(s); |
1da177e4 LT |
3279 | seq_putc(seq, '\n'); |
3280 | } | |
3281 | ||
3282 | return 0; | |
3283 | } | |
3284 | ||
56b3d975 | 3285 | static const struct seq_operations unix_seq_ops = { |
1da177e4 LT |
3286 | .start = unix_seq_start, |
3287 | .next = unix_seq_next, | |
3288 | .stop = unix_seq_stop, | |
3289 | .show = unix_seq_show, | |
3290 | }; | |
2c860a43 KI |
3291 | |
3292 | #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL) | |
3293 | struct bpf_iter__unix { | |
3294 | __bpf_md_ptr(struct bpf_iter_meta *, meta); | |
3295 | __bpf_md_ptr(struct unix_sock *, unix_sk); | |
3296 | uid_t uid __aligned(8); | |
3297 | }; | |
3298 | ||
3299 | static int unix_prog_seq_show(struct bpf_prog *prog, struct bpf_iter_meta *meta, | |
3300 | struct unix_sock *unix_sk, uid_t uid) | |
3301 | { | |
3302 | struct bpf_iter__unix ctx; | |
3303 | ||
3304 | meta->seq_num--; /* skip SEQ_START_TOKEN */ | |
3305 | ctx.meta = meta; | |
3306 | ctx.unix_sk = unix_sk; | |
3307 | ctx.uid = uid; | |
3308 | return bpf_iter_run_prog(prog, &ctx); | |
3309 | } | |
3310 | ||
3311 | static int bpf_iter_unix_seq_show(struct seq_file *seq, void *v) | |
3312 | { | |
3313 | struct bpf_iter_meta meta; | |
3314 | struct bpf_prog *prog; | |
3315 | struct sock *sk = v; | |
3316 | uid_t uid; | |
3317 | ||
3318 | if (v == SEQ_START_TOKEN) | |
3319 | return 0; | |
3320 | ||
3321 | uid = from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)); | |
3322 | meta.seq = seq; | |
3323 | prog = bpf_iter_get_info(&meta, false); | |
3324 | return unix_prog_seq_show(prog, &meta, v, uid); | |
3325 | } | |
3326 | ||
3327 | static void bpf_iter_unix_seq_stop(struct seq_file *seq, void *v) | |
3328 | { | |
3329 | struct bpf_iter_meta meta; | |
3330 | struct bpf_prog *prog; | |
3331 | ||
3332 | if (!v) { | |
3333 | meta.seq = seq; | |
3334 | prog = bpf_iter_get_info(&meta, true); | |
3335 | if (prog) | |
3336 | (void)unix_prog_seq_show(prog, &meta, v, 0); | |
3337 | } | |
3338 | ||
3339 | unix_seq_stop(seq, v); | |
3340 | } | |
3341 | ||
3342 | static const struct seq_operations bpf_iter_unix_seq_ops = { | |
3343 | .start = unix_seq_start, | |
3344 | .next = unix_seq_next, | |
3345 | .stop = bpf_iter_unix_seq_stop, | |
3346 | .show = bpf_iter_unix_seq_show, | |
3347 | }; | |
3348 | #endif | |
1da177e4 LT |
3349 | #endif |
3350 | ||
ec1b4cf7 | 3351 | static const struct net_proto_family unix_family_ops = { |
1da177e4 LT |
3352 | .family = PF_UNIX, |
3353 | .create = unix_create, | |
3354 | .owner = THIS_MODULE, | |
3355 | }; | |
3356 | ||
097e66c5 | 3357 | |
2c8c1e72 | 3358 | static int __net_init unix_net_init(struct net *net) |
097e66c5 DL |
3359 | { |
3360 | int error = -ENOMEM; | |
3361 | ||
a0a53c8b | 3362 | net->unx.sysctl_max_dgram_qlen = 10; |
1597fbc0 PE |
3363 | if (unix_sysctl_register(net)) |
3364 | goto out; | |
d392e497 | 3365 | |
097e66c5 | 3366 | #ifdef CONFIG_PROC_FS |
c3506372 CH |
3367 | if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops, |
3368 | sizeof(struct seq_net_private))) { | |
1597fbc0 | 3369 | unix_sysctl_unregister(net); |
097e66c5 | 3370 | goto out; |
1597fbc0 | 3371 | } |
097e66c5 DL |
3372 | #endif |
3373 | error = 0; | |
3374 | out: | |
48dcc33e | 3375 | return error; |
097e66c5 DL |
3376 | } |
3377 | ||
2c8c1e72 | 3378 | static void __net_exit unix_net_exit(struct net *net) |
097e66c5 | 3379 | { |
1597fbc0 | 3380 | unix_sysctl_unregister(net); |
ece31ffd | 3381 | remove_proc_entry("unix", net->proc_net); |
097e66c5 DL |
3382 | } |
3383 | ||
3384 | static struct pernet_operations unix_net_ops = { | |
3385 | .init = unix_net_init, | |
3386 | .exit = unix_net_exit, | |
3387 | }; | |
3388 | ||
2c860a43 KI |
3389 | #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS) |
3390 | DEFINE_BPF_ITER_FUNC(unix, struct bpf_iter_meta *meta, | |
3391 | struct unix_sock *unix_sk, uid_t uid) | |
3392 | ||
3393 | static const struct bpf_iter_seq_info unix_seq_info = { | |
3394 | .seq_ops = &bpf_iter_unix_seq_ops, | |
3395 | .init_seq_private = bpf_iter_init_seq_net, | |
3396 | .fini_seq_private = bpf_iter_fini_seq_net, | |
3397 | .seq_priv_size = sizeof(struct seq_net_private), | |
3398 | }; | |
3399 | ||
3400 | static struct bpf_iter_reg unix_reg_info = { | |
3401 | .target = "unix", | |
3402 | .ctx_arg_info_size = 1, | |
3403 | .ctx_arg_info = { | |
3404 | { offsetof(struct bpf_iter__unix, unix_sk), | |
3405 | PTR_TO_BTF_ID_OR_NULL }, | |
3406 | }, | |
3407 | .seq_info = &unix_seq_info, | |
3408 | }; | |
3409 | ||
3410 | static void __init bpf_iter_register(void) | |
3411 | { | |
3412 | unix_reg_info.ctx_arg_info[0].btf_id = btf_sock_ids[BTF_SOCK_TYPE_UNIX]; | |
3413 | if (bpf_iter_reg_target(&unix_reg_info)) | |
3414 | pr_warn("Warning: could not register bpf iterator unix\n"); | |
3415 | } | |
3416 | #endif | |
3417 | ||
1da177e4 LT |
3418 | static int __init af_unix_init(void) |
3419 | { | |
3420 | int rc = -1; | |
1da177e4 | 3421 | |
c593642c | 3422 | BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof_field(struct sk_buff, cb)); |
1da177e4 | 3423 | |
94531cfc JW |
3424 | rc = proto_register(&unix_dgram_proto, 1); |
3425 | if (rc != 0) { | |
3426 | pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__); | |
3427 | goto out; | |
3428 | } | |
3429 | ||
3430 | rc = proto_register(&unix_stream_proto, 1); | |
ac7bfa62 | 3431 | if (rc != 0) { |
5cc208be | 3432 | pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__); |
1da177e4 LT |
3433 | goto out; |
3434 | } | |
3435 | ||
3436 | sock_register(&unix_family_ops); | |
097e66c5 | 3437 | register_pernet_subsys(&unix_net_ops); |
c6382918 | 3438 | unix_bpf_build_proto(); |
2c860a43 KI |
3439 | |
3440 | #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS) | |
3441 | bpf_iter_register(); | |
3442 | #endif | |
3443 | ||
1da177e4 LT |
3444 | out: |
3445 | return rc; | |
3446 | } | |
3447 | ||
3448 | static void __exit af_unix_exit(void) | |
3449 | { | |
3450 | sock_unregister(PF_UNIX); | |
94531cfc JW |
3451 | proto_unregister(&unix_dgram_proto); |
3452 | proto_unregister(&unix_stream_proto); | |
097e66c5 | 3453 | unregister_pernet_subsys(&unix_net_ops); |
1da177e4 LT |
3454 | } |
3455 | ||
3d366960 DW |
3456 | /* Earlier than device_initcall() so that other drivers invoking |
3457 | request_module() don't end up in a loop when modprobe tries | |
3458 | to use a UNIX socket. But later than subsys_initcall() because | |
3459 | we depend on stuff initialised there */ | |
3460 | fs_initcall(af_unix_init); | |
1da177e4 LT |
3461 | module_exit(af_unix_exit); |
3462 | ||
3463 | MODULE_LICENSE("GPL"); | |
3464 | MODULE_ALIAS_NETPROTO(PF_UNIX); |